Signing Requests
Once you've authenticated a user and have the JWT to hand, you're ready to start signing your requests.
JWT tokens currently need to be passed into the Authorization
header as follows:
Authorization: JWT ${token}
Craft has its own internal logic for validating GraphQL authorization headers, so if it's passed in as Authorization: Bearer ${token}
, it will step in and throw an Invalid Authorization Header
error.