GraphQL API auth is the same as Salesforce REST APIs. For detailed information, see Authorization Through Connected Apps and OAuth 2.0 in REST API Developer Guide.

To learn how to set up authorization for GraphQL, use a Quick Start.

To successfully send requests, GraphQL API requires an access token obtained by authentication. The Quick Starts authenticate via Salesforce CLI. For production apps, we recommend that you use your own connected app and an OAuth authorization flow that fits your specific use case.