/graphql, and the token decides whose account you’re operating on.
Endpoints
Access tokens are minted from a separate OAuth service at
https://oauth-service.fluzapp.com.
Anatomy of a request
query— the GraphQL document. Use named operations (query GetWallet) for better logs.variables— typed inputs, keeping values out of the query string.operationName— optional, useful when a document defines multiple operations.
Queries vs. mutations
- Queries are read-only (
viewer,wallet,transactions). - Mutations change state (
createVirtualCard,purchaseGiftCard,depositCashBalance,createTransfer).
Response format
GraphQL always returns HTTP 200 with adata / errors envelope:
data may be null and errors will describe what went wrong — including a machine-readable code you can branch on. See Errors.
Introspection and schema
Introspection is enabled in staging so you can point tools like Apollo Studio or GraphiQL at the endpoint. In live, introspection is disabled; use the published schema from API reference instead.Next steps
Authentication
How the token in that
Authorization header gets minted — for your account or a customer’s.Errors
What the
errors array contains and how to branch on error codes.