Skip to main content

GraphQL Client

The GraphQL client provides typed queries and mutations to the Heimdall API.

graphqlRequest

Execute a GraphQL query or mutation, returning the full response including errors. The first argument is always an ApiClientConfig — pass getApiConfig() from @/lib/api.

import { getApiConfig, graphqlRequest } from "@/lib/api";
import type { GraphQLResponse } from "@/lib/api";

const response: GraphQLResponse<{ user: User }> = await graphqlRequest<{ user: User }>(
getApiConfig(),
query,
variables
);

Parameters

ParameterTypeRequiredDescription
configApiClientConfigYesAPI client config (baseUrl, optional systemApiKey) — use getApiConfig()
querystringYesGraphQL query/mutation string
variablesRecord<string, unknown>NoQuery variables
optionsGraphQLRequestOptionsNoRequest options

Options

interface GraphQLRequestOptions {
/** OAuth access token for user context */
accessToken?: string;
/** Custom headers */
headers?: Record<string, string>;
/** Original User-Agent from the client browser (forwarded as X-Original-User-Agent) */
userAgent?: string;
/** Original IP address from the client (forwarded as X-Forwarded-For) */
clientIp?: string;
/** Source service making the request (e.g., "id", "backend"). Sent as X-Source-Service header. */
sourceService?: string;
/** User ID from the authenticated session (sent as X-User-Id for audit logging) */
userId?: string;
}

Response

interface GraphQLResponse<T> {
data?: T;
errors?: Array<{ message: string; path?: string[] }>;
}

Example

const query = `
query GetUser($id: ID!) {
user(id: $id) {
id
name
email
}
}
`;

const response = await graphqlRequest<{ user: User }>(getApiConfig(), query, { id: "123" });

if (response.errors) {
console.error("GraphQL errors:", response.errors);
return;
}

console.log("User:", response.data?.user);

gql

Helper function that extracts data or throws on errors. Useful when you want exceptions instead of error handling. Like graphqlRequest, its first argument is the ApiClientConfig.

import { getApiConfig, gql } from "@/lib/api";

const data = await gql<{ user: User }>(getApiConfig(), query, variables);
// Throws if errors occur

Parameters

Same as graphqlRequest (config first, then query, variables, options).

Returns

Returns T directly (the data from the response).

Throws

  • Error if the response contains GraphQL errors
  • Error if no data is returned

Examples

Query

const query = `
query GetUsers($limit: Int!) {
users(limit: $limit) {
id
name
}
}
`;

try {
const { users } = await gql<{ users: User[] }>(getApiConfig(), query, { limit: 10 });
console.log("Users:", users);
} catch (error) {
console.error("Query failed:", error.message);
}

Mutation

const mutation = `
mutation UpdateUser($id: ID!, $name: String!) {
updateUser(id: $id, name: $name) {
id
name
}
}
`;

try {
const { updateUser } = await gql<{ updateUser: User }>(getApiConfig(), mutation, {
id: "123",
name: "New Name",
});
console.log("Updated user:", updateUser);
} catch (error) {
console.error("Mutation failed:", error.message);
}

With Access Token

const { user } = await gql<{ user: User }>(
getApiConfig(),
query,
{ id: "123" },
{ accessToken: session.accessToken }
);

Authentication Priority

  1. accessToken option (if provided)
  2. config.systemApiKey (the app populates this from SYSTEM_API_KEY via getApiConfig())
  3. No authentication
// Falls back to config.systemApiKey
const response = await graphqlRequest(getApiConfig(), query, variables);

// Uses provided access token
const response = await graphqlRequest(getApiConfig(), query, variables, {
accessToken: userToken,
});

Error Handling

With graphqlRequest

const response = await graphqlRequest<{ user: User }>(getApiConfig(), query, variables);

if (response.errors) {
for (const error of response.errors) {
console.error(`Error at ${error.path?.join(".")}: ${error.message}`);
}
return;
}

// Safe to use response.data
console.log(response.data?.user);

With gql

try {
const data = await gql<{ user: User }>(getApiConfig(), query, variables);
console.log(data.user);
} catch (error) {
// Handle the first error message
console.error(error.message);
}

Client Info & Audit Logging

extractClientInfo

Extract client information from a Next.js request for audit logging.

import { getApiConfig, extractClientInfo } from "@/lib/api";
import { NextRequest } from "next/server";

export async function POST(request: NextRequest) {
const clientInfo = extractClientInfo(request);
// { userAgent: "...", clientIp: "..." }

const data = await gql<{ result: Result }>(
getApiConfig(),
mutation,
variables,
clientInfo // Passed as the options (4th) parameter
);
}

extractClientInfo takes no config — it only reads headers from the request.

ClientInfo Type

interface ClientInfo {
userAgent?: string;
clientIp?: string;
}

Source service

The library reads no SOURCE_SERVICE env var. To tag which application made the request (for audit logging), pass sourceService in the request options — it is sent as the X-Source-Service header:

const data = await gql<{ result: Result }>(
getApiConfig(),
mutation,
variables,
{ accessToken, sourceService: "id" } // "id" | "backend" | "policies" | "discord_bot" ...
);

Apps typically read their own SOURCE_SERVICE env in src/lib/config.ts (e.g. getSourceService()) and forward the value here.

Complete API Route Example

import { NextRequest, NextResponse } from "next/server";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiConfig, gql, extractClientInfo } from "@/lib/api";

export async function POST(request: NextRequest) {
const session = await getServerSession(authOptions);
if (!session?.user?.id) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}

const body = await request.json();
const clientInfo = extractClientInfo(request);

const data = await gql<{ updateProfile: User }>(
getApiConfig(),
`mutation UpdateProfile($input: UpdateProfileInput!) {
updateProfile(input: $input) {
id
name
}
}`,
{ input: { userId: session.user.id, ...body } },
{ accessToken: session.accessToken, ...clientInfo }
);

return NextResponse.json(data.updateProfile);
}

Common Patterns

Fetching with Loading State

function UserProfile({ userId }: { userId: string }) {
const [user, setUser] = useState<User | null>(null);
const [loading, setLoading] = useState(true);
const [error, setError] = useState<string | null>(null);

useEffect(() => {
async function fetchUser() {
try {
const { user } = await gql<{ user: User }>(
getApiConfig(),
`query { user(id: "${userId}") { id name email } }`
);
setUser(user);
} catch (e) {
setError(e.message);
} finally {
setLoading(false);
}
}
fetchUser();
}, [userId]);

if (loading) return <div>Loading...</div>;
if (error) return <div>Error: {error}</div>;
return <div>{user?.name}</div>;
}