All requests to YesGraph’s API require authentication. There are two authentication patterns that YesGraph supports. If you want to connect from your backend server (a trusted environment), you can use the one for Secure Environments. If you want to connect from your frontend or a mobile app, use the one for Insecure Environments.
Each of your YesGraph projects has a unique Secret API Key. You can find it from the API integration tab on your YesGraph dashboard.
Warning: Keep It Secret!
Note that with this pattern, your clients only talk to your backend and have no direct access to YesGraph’s API.
This pattern is intended for connecting from an untrusted client. If you connect to YesGraph from a trusted environment (e.g. your server’s backend), we recommend the simpler Secure Environments pattern described above.
In this flow the client is untrusted, so never give the client your Secret Key, which provides read & write access to all of your data.
Instead, generate a Client Key on your server using your user’s unique id and your Secret Key. The Client Key enables a specific user limited access to relevant data. For example, that user would be able to retrieve their own contacts, but no other users’ contacts. Read about how to create Client Keys.