Catch the highlights of GraphQLConf 2023! Click for recordings. Or check out our recap blog post.
Docs
Guides
Headers

Setting Headers

⚠️

This method is not relevant to all handlers!

Please make sure the handler you are using supports this method: You can do it by checking if handler's config reference (appearing on it's designated doc) includes the header fields mentioned in this doc.

Setting configurations

There are two headers-designated configuration fields under each handler - schemaHeaders and operationHeaders:

operationHeaders

Optional field. Used to set the Headers for operation execution. Expects JSON object representing the Headers.

In this example operationHeaders is used to defined the content of the request as Json:

.meshrc.yaml
sources:
  - name: Example
    handler:
      <handler-name>:
        operationHeaders:
          Content-Type: application/json

schemaHeaders

Optional field. Used to set the Headers for schema introspection. Expects JSON object representing the Headers.

Dynamic Header Values (e.g., for Authorization)

Mesh can take dynamic values from the GraphQL Context or the environmental variables. For example, if you use mesh dev or mesh start, GraphQL Context will be the incoming HTTP request.

The expression inside dynamic values should be as in JS.

From Context (HTTP Header for mesh dev or mesh start)

.meshrc.yaml
sources:
  - name: Example
    handler:
      <handler-name>:
        operationHeaders:
          # Please do not use capital letters while getting the headers
          # Use "{context.headers['x-my-api-token']}" if you want just the value of the header
          Authorization: Bearer {context.headers['x-my-api-token']}
          # You can also access to the cookies like below;
          # Authorization: Bearer {context.cookies.myApiToken}

From Environment Variables

Set up the variable on your environment, e.g VERY_SECRET_TOKEN=12345. Then you can use it using {env.VERY_SECRET_TOKEN}.

The config wil look something like:

.meshrc.yaml
sources:
  - name: Example
    handler:
      <handler-name>:
        operationHeaders:
          Authorization: Bearer {env.VERY_SECRET_TOKEN}