Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Build Status Build Status

Stable Version Latest Version PHP Version

This module provides:

  • a basic GraphQL implementation for the OXID eShop
  • authorization and authentication using JWT
  • a query to log you in and get a JWT for further authentication


  • Full documentation can be found here.
  • Schema documentation available here.


This assumes you have OXID eShop (at least OXID-eSales/oxideshop_ce: v6.8.0 component, which is part of the 6.3.0 compilation) up and running.

Branch Compatibility

  • master branch is compatible with latest shop compilations: 7.0.x and master
  • 6.x versions (or b-6.4.x branch) are compatible with latest shop compilations: 6.4.x resp. b-6.4.x shop compilation branches
  • 5.x versions (or b-6.3.x branch) are compatible with latest shop compilations: 6.3.x resp. b-6.3.x shop compilation branches (NOTE: no support for PHP 8 yet)


# Install desired version of oxid-esales/graphql-base module, in this case - latest released 6.x version
$ composer require oxid-esales/graphql-base ^6.0.0

After requiring the module, you need to activate it, either via OXID eShop admin or CLI.

$ ./bin/oe-console oe:module:activate oe_graphql_base

How to use

You can use your favourite GraphQL client to explore the API, if you do not already have one installed, you may use Altair GraphQL Client.

To login and retrieve a token send the following GraphQL query to the server

query {
    token (
        username: "admin",
        password: "admin"

You could simply just fire up your terminal and use curl to do a basic check if the GraphQL base module is up and running as epxected. To retrieve a valid token you need to replace the username and password below with valid login credentials.

$ curl http://oxideshop.local/graphql/ \
  -H 'Content-Type: application/json' \
  --data-binary '{"query":"query {token(username: \"admin\", password: \"admin\")}"}'

You should see a response similar to this:

    "data": {
        "token": "a-very-long-jwt"

This token is then to be send as your authorization with every request in the HTTP Authorization header like this:

Authorization: Bearer a-very-long-jwt

How to extend

The information on extending any module can be found in the OXID eSales documentation.

How to extend GraphQL module types and implement your new mutations and queries is shown in OXID GraphQL API documentation.


Linting, syntax check, static analysis and unit tests

$ composer test

Integration/Acceptance tests

  • install this module into a running OXID eShop
  • change the test_config.yml
    • add oe/graphql-base to the partial_module_paths
    • set activate_all_modules to true
$ ./vendor/bin/runtests


To report issues with GraphQL module please use the OXID eShop bugtracking system.


You like to contribute? 🙌 AWESOME 🙌
Go and check the contribution guidelines

Build with


GPLv3, see LICENSE file.