Authorization
GraphQL API auth is the same as other Salesforce REST APIs. For more information, see OAuth and Connect REST API in Connect REST API Developer Guide.
To learn how to set up authorization for GraphQL, use a Quick Start.
To successfully send requests, GraphQL API requires an access token obtained by authentication. The Quick Starts authenticate via Salesforce CLI. For production apps, we recommend that you use your own external client app and an OAuth authorization flow that fits your specific use case.