Skip to main content


Authentication is a vital aspect of interacting with the Semble GraphQL Public API. It ensures the security and integrity of your data. Depending on your use case, we provide two methods of authentication: token authentication and user authentication.

Token Authentication

Token authentication is used when your users don't need to authenticate themselves individually. In this scenario, you use a token that is generated in the Semble application.

Follow the steps below to obtain and use the token:

  1. Obtain the Token:

    • Open the Semble application.
    • Navigate to the Settings section.
    • Generate your unique token.

Tokens are very flexible and will control what the API user has access to. For example, you can generate a token that only has access to the patient query, or you can generate a token that has access to bookings but not patients. You can also generate a token that has access to everything.

  1. Use the Token:
    • Once you have the token, include it in your HTTP requests using the x-token header. Here's are examples using curl, javascript, and Python to send a POST request to, querying a patient's firstName and email.
curl -X POST \
-H "Content-Type: application/json" \
-H "x-token: YOUR_TOKEN" \
-d '{
"query": "query { patient(id: \"1\") { firstName email } }"

Replace YOUR_TOKEN with your actual token obtained from the Semble application, and id with the actual patient ID.

User Authentication

User authentication is used when your users need to authenticate individually. In this case, you use the signIn mutation, which returns a short-lived token, valid for 12 hours.

Here's an example of performing the signIn mutation:

Copy code
curl -X POST \
-H "Content-Type: application/json" \
-d '{
"query": "mutation { signIn(email: \"\", password: \"password\") { token } }"

Replace "" and "password" with the user's actual email and password. The server will return a JSON object that includes a token field.

Once you have obtained the token, include it in the x-token header in your HTTP requests as shown in the token authentication example.

Remember to keep your tokens secure. Do not share them publicly. If a token is compromised, you should revoke it immediately.

In the next section, we will explore how to use these tokens to make requests to the Semble GraphQL Public API.