GraphQL and REST API for Testing and Prototyping

fake data | real responses | 24/7 online

Resources

`https://gorest.co.in/public/v2/users`	2979
`https://gorest.co.in/public/v2/posts`	1376
`https://gorest.co.in/public/v2/comments`	1368
`https://gorest.co.in/public/v2/todos`	1505

Trying it Out

`POST /public/v2/users`	Create a new user
`GET /public/v2/users/555`	Get user details
`PUT\|PATCH /public/v2/users/555`	Update user details
`DELETE /public/v2/users/555`	Delete user

Nested Resources

`GET /public/v2/users/555/posts`	Retrieves user posts
`GET /public/v2/posts/555/comments`	Retrieves post comments
`GET /public/v2/users/555/todos`	Retrieves user todos

`POST /public/v2/users/555/posts`	Creates a user post
`POST /public/v2/posts/555/comments`	Creates a post comment
`POST /public/v2/users/555/todos`	Creates a user todo

Do not post your personal data like name, email, phone, photo etc...
For paged results parameter "page" should be passed in url ex: GET /public/v2/users?page=1
Request methods PUT, POST, PATCH, DELETE needs access token, which needs to be passed with "Authorization" header as Bearer token.
API Versions /public-api/*, /public/v1/* and /public/v2/*
Get your access token

GraphQL Endpoint

GraphQL API is available at https://gorest.co.in/public/v2/graphql
View GraphQL json schema
View GrapQL schema

Features

Fully secured quick prototyping.
Response format negotiation. (supporting JSON and XML add ".json" or ".xml" to api end point)
Support for the OPTIONS and HEAD verbs.
Full search support on all fields. Ex: https://gorest.co.in/public/v2/users?name=kumar
Data created/modified by a user is only visible to that perticular user, all data will be deleted and recreated on daily basis.
Request and response logging.

Rate Limiting Headers

Customize the rate limit per access token.
X-RateLimit-Limit number of allowed requests/minute.
X-RateLimit-Remaining remaining requests within the current period.
X-RateLimit-Reset seconds to wait before having maximum number of allowed requests again.

Pagination Headers

X-Pagination-Total total number of results.
X-Pagination-Pages total number of pages.
X-Pagination-Page current page number.
X-Pagination-Limit results per page.

API Version 2

Path: /public/v2/*
Response format Object or Array of Objects {} or [{}]
HTTP Status code contains the actual response code, response headers contains the pagination information, response body contains the results.

API Version 1

Path: /public/v1/*
Response format { meta:, data: }
HTTP status code contains the actual response code, meta contains the pagination information and data contains the actual results

API Version 0

Path: /public-api/*
Response format { code :, meta:, data: }
HTTP status code is always 200, code contains the actual response code, meta contains the pagination information, data contains the actual results

Authentication

Unlike Web applications, RESTful APIs are usually stateless, which means sessions or cookies should not be used. Therefore, each request should come with some sort of authentication credentials. A common practice is to send a secret access token with each request to authenticate the user. Since an access token can be used to uniquely identify and authenticate a user, API requests should always be sent via HTTPS to prevent man-in-the-middle (MitM) attacks.

There are different ways to send an access token:

HTTP Basic Auth: the access token is sent as the username.
Query parameter: the access token is sent as a query parameter in the API URL.
e.g. https://gorest.co.in/public/v2/users?access-token=xxx
OAuth 2: the access token is obtained by the consumer from an authorization server and sent to the API server via HTTP Bearer Tokens , according to the OAuth2 protocol.
This API supports only "HTTP Bearer Tokens" and "Query parameter Auth"

cUrl Examples for REST API

List users

curl -i -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization: Bearer ACCESS-TOKEN" -XGET "https://gorest.co.in/public/v2/users"

Create user

curl -i -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization: Bearer ACCESS-TOKEN" -XPOST "https://gorest.co.in/public/v2/users" -d '{"name":"Tenali Ramakrishna", "gender":"male", "email":"[email protected]", "status":"active"}'

Update user

curl -i -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization: Bearer ACCESS-TOKEN" -XPATCH "https://gorest.co.in/public/v2/users/555" -d '{"name":"Allasani Peddana", "email":"[email protected]", "status":"active"}'

Delete user

curl -i -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization: Bearer ACCESS-TOKEN" -XDELETE "https://gorest.co.in/public/v2/users/555"

cUrl Examples for GraphQL

List users

curl -i -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization: Bearer ACCESS-TOKEN" -XPOST "https://gorest.co.in/public/v2/graphql" -d '{"query":"query{users {pageInfo {endCursor startCursor hasNextPage hasPreviousPage} totalCount nodes {id name email gender status}}}"}'

Get User

Create User

curl -i -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization: Bearer ACCESS-TOKEN" -XPOST "https://gorest.co.in/public/v2/graphql" -d '{"query":"mutation{createUser(input: {name: \"Tenali Ramakrishna\" gender: \"male\" email: \"[email protected]\" status: \"active\"}) {user{id name gender email status}}}"}'

Update User

curl -i -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization: Bearer ACCESS-TOKEN" -XPOST "https://gorest.co.in/public/v2/graphql" -d '{"query":"mutation{updateUser(input: {id: 555 name: \"Allasani Peddana\" email: \"[email protected]\" status: \"active\"}) {user{id name gender email status}}}"}'

Delete User

curl -i -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization: Bearer ACCESS-TOKEN" -XPOST "https://gorest.co.in/public/v2/graphql" -d '{"query":"mutation{deleteUser(input: {id: 555}){user {id name email gender status}}}"}'

REST API Http Response Codes

200: OK. Everything worked as expected.
201: A resource was successfully created in response to a POST request. The Location header contains the URL pointing to the newly created resource.
204: The request was handled successfully and the response contains no body content (like a DELETE request).
304: The resource was not modified. You can use the cached version.
400: Bad request. This could be caused by various actions by the user, such as providing invalid JSON data in the request body etc.
401: Authentication failed.
403: The authenticated user is not allowed to access the specified API endpoint.
404: The requested resource does not exist.
405: Method not allowed. Please check the Allow header for the allowed HTTP methods.
415: Unsupported media type. The requested content type or version number is invalid.
422: Data validation failed (in response to a POST request, for example). Please check the response body for detailed error messages.
429: Too many requests. The request was rejected due to rate limiting.
500: Internal server error. This could be caused by internal program errors.