# User

# Signup

The signup mutation can be used to register and automatically authenticate a new user. Some unrequired arguments such as user.langISO and user.address.countryISO are deduced if not provided based on available IP information.

# Signin

The signin mutation provides multiple methods of authentication as arguments, such as credentials, refreshToken, facebookToken, etc.

The accessToken from the response can then be set in the HTTP Authorization header to perform authenticated requests :

  "Authorization": "Bearer USER_ACCESS_TOKEN"

# Anonymous Session

Some authenticated API paths allow the usage of a temporary session that can be associated to a newly created account in the future (e.g.: Cart operations). An Anonymous Session is created by using the signin mutation without arguments.

To upgrade the Anonymous Session into a regular user account, the signup mutation should be called with the HTTP Authorization header containing the accessToken of the Anonymous Session.

# Password Reset

The password reset process is started with the retrievePassword mutation, which sends an url in an email with a token.

When the user navigates to the url, you can retrieve the token parameter and use it in the updateCredentials mutation as a validator :