API
For simple integrations, we recommend using the make.com integration, which we regularly maintain.
If you want to program your own integration, here you will find the basic necessary information.
Basic Information
Costlocker currently offers 2 APIs - REST and GraphQL.
REST API
The original Costlocker API, whose operation will be terminated on March 31, 2025.
You can find the original documentation on Apiary 🔗.
If you need help migrating to the new API, please contact our support.
GraphQL
Costlocker now uses the GraphQL API, which powers our Frontend - you can use it to perform anything available in the user interface.
GraphQL documentation is available directly at the API endpoint itself - https://api.costlocker.com/graphql 🔗
Authorization
The GraphQL API utilizes two methods of authorization:
API Token
The basic form uses the Personal API Token for authorization. To authorize, you need to use the following header:
JWT Token
The second option uses a JWT Token, generated by the backend upon login (mutation Login). It uses a set of two headers:
With the JWT Token, the Person-Id header is also used because Costlocker is a multi-tenant platform, allowing you to have multiple accounts under a single login. The Person ID is the ID from the People module (visible in the URL parameter).
Deprecation and Warning Handling
The GraphQL API does not use versioning but instead marks individual queries/mutations or fields as deprecated and subsequently removes them.
To monitor these changes, we recommend implementing warning logging into a logging tool, such as Sentry 🔗.
All responses from the Costlocker API may include Extensions 🔗 with a warnings attribute.
Warnings then contain information about the deprecation of the queries/mutations or their fields you are using:
Deprecation information is formatted as follows:
For example:
Migration to GraphQL is not yet complete - if you do not find the necessary endpoint that would be equivalent to the original REST API, please contact us.
Last updated