zMesh DocsDashboard

GraphQL API

Full GraphQL interface auto-generated from your database schema. Query, mutate, and introspect — alongside the REST Auto-API.

Endpoint

POST https://<subdomain>.zmesh.in/graphql

Auth via x-api-key header. Optionally pass a Bearer token for RLS context.

Queries

List Tables

query {
  tables {
    name
    rowCount
  }
}

Get Columns

query {
  columns(table: "users") {
    name
    dataType
    nullable
    isPrimaryKey
  }
}

Find Rows (with Filters)

query {
  find(
    table: "posts"
    where: { status: "published", views__gt: 100 }
    orderBy: "created_at.desc"
    limit: 10
    offset: 0
    select: "id,title,created_at"
  ) {
    data
    total
  }
}

Filter operators: __gt, __lt, __gte, __lte, __like, __neq

Find One by ID

query {
  findOne(table: "posts", id: "550e8400-e29b-41d4-a716-446655440000") {
    data
  }
}

Mutations

Insert

mutation {
  insert(
    table: "posts"
    data: { title: "Hello World", body: "My first post", status: "draft" }
  ) {
    success
    data
    affected
  }
}

Update

mutation {
  update(
    table: "posts"
    id: "550e8400-e29b-41d4-a716-446655440000"
    data: { status: "published" }
  ) {
    success
    data
    affected
  }
}

Delete

mutation {
  delete(
    table: "posts"
    id: "550e8400-e29b-41d4-a716-446655440000"
  ) {
    success
    data
    affected
  }
}

Row-Level Security

Pass a Bearer token alongside the API key to activate RLS. The token's sub claim is injected as app.user_id in PostgreSQL.

// Headers
x-api-key: zb_abc123...
Authorization: Bearer eyJhbGciOi...

cURL Example

curl -X POST https://abc123.zmesh.in/graphql \
  -H "x-api-key: zb_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"query": "{ tables { name rowCount } }"}'