Authenticate with the API
All requests to the GraphQL API require a valid Bearer token in the Authorization header. You obtain this token by authenticating with the Legalesign Cognito endpoint using your API credentials.
API Credentials
Contact Legalesign support to obtain your API credentials:
| Parameter | Description |
|---|---|
| Client ID | Your API application's identifier |
| Username | Your API user account username |
| Password | Your API user account password |
| Region | eu-west-2 |
Get an Access Token
Make a POST request to the Cognito endpoint:
```http
POST / HTTP/1.1
Host: cognito-idp.eu-west-2.amazonaws.com
Content-Type: application/x-amz-json-1.1
X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth

{
  "AuthFlow": "USER_PASSWORD_AUTH",
  "ClientId": "<your-client-id>",
  "AuthParameters": {
    "USERNAME": "<your-username>",
    "PASSWORD": "<your-password>"
  }
}
```
Response
```json
{
  "AuthenticationResult": {
    "AccessToken": "eyJraWQi...<truncated>",
    "ExpiresIn": 3600,
    "TokenType": "Bearer"
  }
}
```
Use the Token
Include the access token in every GraphQL request:
```http
POST /graphql HTTP/1.1
Host: graphql.uk.legalesign.com
Content-Type: application/json
Authorization: Bearer <access-token>

{"query": "{ user { id email } }"}
```
Token Expiry
Tokens expire after the period specified in ExpiresIn (in seconds). Long-running integrations should:
- Cache the token and reuse it until it expires
- Request a new token before or when the current one expires
Tip: This is a standard HTTP POST — no vendor-specific SDK required. Any language that can make an HTTP request will work.
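The caching advice above, as an added example that is not Legalesign's own code: a small token cache that reuses the access token and requests a new one shortly before `ExpiresIn` elapses, using only the Python standard library. The names `initiate_auth` and `TokenCache`, the 60-second renewal margin and the environment variable names in the closing comment are assumptions made for this example.

```python
import json
import time
import urllib.request

COGNITO_URL = "https://cognito-idp.eu-west-2.amazonaws.com/"

def initiate_auth(client_id, username, password):
    """Send the InitiateAuth request shown above; return AuthenticationResult."""
    body = json.dumps({
        "AuthFlow": "USER_PASSWORD_AUTH",
        "ClientId": client_id,
        "AuthParameters": {"USERNAME": username, "PASSWORD": password},
    }).encode()
    req = urllib.request.Request(
        COGNITO_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-amz-json-1.1",
                 "X-Amz-Target": "AWSCognitoIdentityProviderService.InitiateAuth"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["AuthenticationResult"]

class TokenCache:
    """Hold one access token in memory and renew it before it expires."""
    def __init__(self, fetch, margin=60, clock=time.monotonic):
        self._fetch = fetch      # callable returning an AuthenticationResult dict
        self._margin = margin    # renew this many seconds early (assumed value)
        self._clock = clock      # monotonic clock, unaffected by wall-clock changes
        self._token = None
        self._expires_at = 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            result = self._fetch()
            if result.get("TokenType") != "Bearer":
                raise ValueError("unexpected TokenType in auth response")
            self._token = result["AccessToken"]
            lifetime = max(result["ExpiresIn"] - self._margin, 0)
            self._expires_at = self._clock() + lifetime
        return self._token

    def headers(self):
        """Headers for a GraphQL request; the token itself is never logged."""
        return {"Content-Type": "application/json",
                "Authorization": "Bearer " + self.get()}

# Usage (hypothetical variable names), keeping credentials out of source code:
#   env = os.environ
#   cache = TokenCache(lambda: initiate_auth(
#       env["LE_CLIENT_ID"], env["LE_USERNAME"], env["LE_PASSWORD"]))
```

Pass `cache.headers()` with each POST to the GraphQL endpoint; the Cognito call is only repeated when the cached token is within the margin of expiry.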
Language Examples
See the full tutorials for working code: