The Client API is designed for use in client-side environments such as web or mobile apps. It powers user-facing auction interactions and supports both public reads and authenticated user actions.
Access Modes

| Mode | Use Case | Auth Mechanism |
| --- | --- | --- |
| Public | Unauthenticated reads on auction objects | No auth required |
| Authenticated (User) | Placing bids, receiving user-scoped subscriptions | JWT in `Authorization` header |
Bidder Tokens (JWT)
Since Basta does not manage users for integrating businesses, businesses generate their own bidder tokens via the Management API.
These JWT tokens:
- Contain a `userId` and `ttl`
- Give user permissions to make bids
- Are added to the `Authorization` header on Client API requests

Example Header:

```json
"Authorization": "Bearer <BIDDER_JWT>"
```

The `userId` embedded in the token is used to resolve bids and subscriptions in the user's context.
Capabilities

- Unauthenticated Queries
  Retrieve auction listings, timing details, bid history, etc.
- Authenticated Mutations
  Place bids via `BidOnItem` using a bidder token
- User-Scoped Subscriptions (websockets)
  Subscribe to auction events in real-time, filtered by `userId` in token

GraphQL Explorer: client.api.basta.app
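The split between public reads and token-bearing requests described above, as an added JavaScript example (not Basta's own code): public queries go out with no `Authorization` header, and authenticated operations are refused client-side when the bidder token is missing or about to expire. The helper names, the `exp` claim and the placeholder mutation string are assumptions; the page only states that the token contains `userId` and `ttl`.

```javascript
// Added example; helper names are hypothetical, not part of any Basta SDK.
// Assumption: the bidder JWT carries the standard `exp` claim (seconds since
// epoch) next to the `userId` claim described above.

// Decode the payload WITHOUT verifying the signature. Use it only for local
// expiry checks in the client, never for authorization decisions.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// True when the token is missing, malformed, or expires within skewSec.
// A token without a numeric `exp` is passed through for the server to judge.
function needsRefresh(token, nowSec = Math.floor(Date.now() / 1000), skewSec = 30) {
  if (!token) return true;
  try {
    const { exp } = decodeJwtPayload(token);
    return typeof exp === "number" && exp - skewSec <= nowSec;
  } catch {
    return true;
  }
}

// Build fetch() options for one GraphQL operation. Public reads never carry
// the token; authenticated operations are refused without a fresh one.
function buildRequest({ query, variables = {}, authenticated = false, token = null, nowSec }) {
  const headers = { "Content-Type": "application/json" };
  if (authenticated) {
    if (needsRefresh(token, nowSec)) throw new Error("bidder token missing or expired");
    headers.Authorization = `Bearer ${token}`;
  }
  return { method: "POST", headers, body: JSON.stringify({ query, variables }) };
}

// Constructed, unsigned sample token so the example runs offline.
function makeSampleToken(claims) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

const sample = makeSampleToken({ userId: "user-123", exp: 2000000000 });
const read = buildRequest({ query: "query { __typename }", token: sample });
const bid = buildRequest({ query: "<BidOnItem mutation document>", authenticated: true, token: sample, nowSec: 1900000000 });
console.log(read.headers.Authorization === undefined, bid.headers.Authorization.startsWith("Bearer "));
```

When `buildRequest` throws, the app should request a new bidder token from its own backend, which mints it via the Management API.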
Summary

The Client API offers full auction interactivity while keeping your users' identity management under your control. Basta provides a secure and flexible token-based mechanism that fits well with existing auth stacks.