# Makula

### Authentication

Makula uses 2 tokens. One short lived and a refresh token. When the short-lived token expires. Makula checks the validity of the refresh token and refreshes both tokens if it is valid. Expiration is:

* Short-lived token: 6 minutes
* Refresh token: 7 days

Both tokens are sent from the client to the server. Server send tokens to the client only after login or if they get refreshed.

Base domains:

* Production <https://api.makula.io/graphql>
* Staging <https://oem-staging.makula.io/graphql>

### Manipulating requests

#### 1. Pagination

Makula uses filter on queries with skip and limit like MongoDB.

#### 2. Sorting

One can sort by multiple fields.

#### 3. Filtering

Filtering works with: sort, skip, limit, ne, gt, gte, lt, lte, in, nin, contains, matches

### Further information

Makula uses roles and permissions that are not documented on the API endpoints yet. For example only certain roles can perform specific queries or mutations.