GraphQL recieves input and return results in json. So a Content-Type: application/json header is required.
Authorization is done with an Authorization header. Authorization: Bearer {apiToken}. Example: Authorization: Bearer my_api_token123456789
Example using curl:
curl https://graphql.ordrestyring.dk/graphql \
--request POST \
--data '{"query": "query { cases(pagination: {cursor: null, limit: 10}, orderBy: {field: "updatedAt", direction: DESC}) { items { id caseNumber } nextCursor previousCursor } }' \
-H "Accept: application/json" \
-H "Authorization: Bearer my_api_token123456789" \
-H "Content-Type: application/json"
Endpoints can be found in the GraphQL UI: GraphiQL UI.
GraphiQL is an interface which shows the available endpoints and also make it possible to test queries right in the browser.
Input your api key in the input field. You will find available endpoints on the right.
Cursor pagination is the recommended way for doing pagination using our api.
To get first page, set the cursor argument to null:
query {
cases(pagination: {cursor: null, limit: 10}, orderBy: {field: "updatedAt", direction: DESC}) {
items {
id
caseNumber
}
nextCursor
previousCursor
}
}
Then use the nextCursor from the result as the new cursor argument to get the next page:
query {
cases(pagination: {cursor: "eyJjYXNlcy51cGRhdGVkX2F0IjoxNjMzMDczMDA1LCJjYXNlcy5pZCI6NzI5OCwiX3BvaW50c1RvTmV4dEl0ZW1zIjp0cnVlfQ", limit: 10}, orderBy: {field: "updatedAt", direction: DESC}) {
items {
id
caseNumber
}
nextCursor
previousCursor
}
}
query {
cases(pagination: {cursor: null, limit: 10}, orderBy: {field: "updatedAt", direction: DESC}) {
items {
id
caseNumber
}
nextCursor
previousCursor
}
}
mutation($id: Int!, $input: UpdateUserInput!) {
updateUser(id: $id, input: $input) {
id
}
}
curl -X POST \
https://graphql.ordrestyring.dk/graphql \
-H 'Cache-Control: no-cache' \
-H 'content-type: multipart/form-data;' \
-F 'operations={"query":"mutation ($file: Upload!) { uploadCaseDocument(input: {caseId: 10, file: $file}) {id}}","variables":{}}' \
-F 'map={"0":["variables.file"]}' \
-F 0=@"C:/Users/cn/Desktop/xml_with_multipage_tiff.xml" \
-H "Authorization: Bearer lol" \
-H "Accept: application/json" \
An error has occurred if the returned response include an 'errors'-key.
This also applies for responses returned with status code 2**
The errors-key will include an array of errors.
{
"errors": [
{
"message": "validation",
"locations": [
{
"line": 2,
"column": 3
}
],
"type": "ValidationError",
"validation": {
"id": [
"The selected id is invalid."
]
}
}
],
"data": {
"caseById": null
}
}
The API is rate limited to prevent misuse. All limits are enforced per partner using Redis.
General API — applies to all authenticated requests:
| Period | Limit |
|---|---|
| Weekdays 05:30–23:59 | 1,000 requests / minute |
| Nightly 00:00–05:30 | 4,500 requests / minute |
| Weekends | 4,500 requests / minute |
Higher limits apply during off-peak hours to accommodate batch jobs and integrations.
Fallback throttle — a hard cap of 60 requests / minute applies to all routes regardless of authentication status.
Every response includes the following headers:
| Header | Description |
|---|---|
X-RateLimit-Limit |
Maximum number of requests allowed in the current window |
X-RateLimit-Remaining |
Number of requests remaining in the current window |
When the rate limit is exceeded, the response will also include:
| Header | Description |
|---|---|
Retry-After |
Number of seconds to wait before retrying |
When the rate limit is reached the API returns HTTP 429 with the following body:
{
"errors": [
{
"message": "Too Many Attempts.",
"type": "ThrottleRequestsException"
}
],
"data": null
}
Questions can be sent to api@ordrestyring.dk