How do you connect to the GraphQL explorer on Realm Cloud?



I am trying to connect to the GraphQL explorer on my Realm Cloud instance. How do I do this? The documentation says “If you’re using Chrome, you can use an extension, such as ModHeader to inject the header into your requests”. What header fields are needed? I have tried a bunch of different variants but all fail with the message “The token data could not be verified against its signature”


The header you need is Authorization. The URL will be something like


Yes, you need to set the authorization header and pass in an access token obtained by authenticating against ROS. You can read more about it in the Authentication section of the GraphQL service docs.


Thanks! I will try that. I did look thorugh the documentation at, but it doesn’t seem complete.


Hi @nirinchev , I’m posting the username/password in the recommended payload to get a refresh token to but am receiving “The authorization header is missing”

What do I need to pass in the authorisation header in order to get an access or refresh token?


You should be posting it to instance-url/auth not instance-url/graphql/auth.


Thanks @nirinchev, I just tried that URL with the recommended payload and received:

    "type": "",
    "title": "Your request did not validate because of missing parameters.",
    "status": 400,
    "code": 602,
    "invalid_params": [
            "name": "provider",
            "reason": "Missing parameter 'provider'!"

The provider is being passed in the body payload as per the instructions, does it need to be sent in another method as well?


You need to end the request body as application/json


@seann I’m terribly sorry, this must have flown under my radar. Did you manage to get it working? As @mbritto said, it could be caused by an incorrect content-type header, but if you share the payload of your request (you can obfuscate passwords/usernames), it’d be easier to spot what’s wrong with it.


The documentation says we should set Authorization header like this :


But when we do (and replace ACCESS_TOKEN.TOKEN with our long token), we get this error from the server : “The tokenString parameter does not have 2 parts separated by a colon (’:’)

Has something changed on the expected format for the header ?


Not really - this code path hasn’t changed in a very long time. Are you sure you’re copying the entire access token and not just half of it? E.g. this is how an access token for one of my instances looks like:


Notice how it’s composed of two segments with a colon between them. Does your token have a similar format?


:scream: Paw was truncating it in JSON mode, after choosing raw response mode I could see the whole token, with the colon.
Thanks you saved me :slight_smile:


Unfortunately we didn’t @nirinchev - we managed to alter our program’s script to expose the admin token in the user interface in a custom version so I haven’t again tested the method described in the docs. Thanks for following up though.

Do you know how I would be able to expose access/refresh tokens using browser HTTP requests and/or ModHeader/Postman?


I’m not sure what exposing the tokens means here. You can execute the requests in Postman and retrieve the tokens from the responses. You can then paste them in ModHeader. Are you asking for something more automated or?