Authorize Your Code

Any request to the GraphQL API needs a valid Bearer token. You'll authenticate using the Cognito InitiateAuth endpoint — no vendor-specific SDK required, just HttpClient.

Getting the Authentication Token

Here's the general-purpose code for getting your authentication token. You don't need to copy this into your project yet — we'll provide a complete sample in the next step.

LegalesignAuth.cs

using System.Text;
using System.Text.Json;

static async Task<string> GetTokenAsync(HttpClient httpClient)
{
    var requestBody = new
    {
        AuthFlow = "USER_PASSWORD_AUTH",
        ClientId = "<your-client-id>",
        AuthParameters = new
        {
            USERNAME = "<your-username>",
            PASSWORD = "<your-password>"
        }
    };

    var request = new HttpRequestMessage
    {
        Method = HttpMethod.Post,
        RequestUri = new Uri("https://cognito-idp.eu-west-2.amazonaws.com"),
        Content = new StringContent(JsonSerializer.Serialize(requestBody), Encoding.UTF8, "application/x-amz-json-1.1")
    };
    request.Headers.Add("X-Amz-Target", "AWSCognitoIdentityProviderService.InitiateAuth");

    var response = await httpClient.SendAsync(request);
    response.EnsureSuccessStatusCode();

    var json = await response.Content.ReadAsStringAsync();
    var doc = JsonSerializer.Deserialize<JsonElement>(json);
    return doc.GetProperty("AuthenticationResult").GetProperty("AccessToken").GetString()!;
}

The response contains an AccessToken valid for the current session. Long-running code should check that the token is still valid and re-authenticate when needed.

note

Contact Legalesign support to obtain your Client ID, username, and password. See the authentication guide for details. In production, store credentials in environment variables or a secret manager.