API Key authentication returns different GraphQL schema than session token
Hi, I'm running a self-hosted instance of Twenty CRM (latest Docker image) and I'm trying to query the GraphQL API from n8n (an automation platform) using an API key.
When I send a GraphQL query (e.g. fetching tasks) using my API key via the Authorization: Bearer header, I get the following error:
"Cannot query field 'tasks' on type 'Query'"
However, the exact same query works perfectly in the GraphQL Playground in Twenty's settings, using the same endpoint (https://[my-domain]/graphql).
What I've done so far:
- The API key authentication reaches the server successfully – the query { __typename } returns "Query" with the API key
- GraphQL introspection is disabled for API keys, so I can't inspect the available schema
- When inspecting the network traffic from the GraphQL Playground, I noticed that the Playground uses a session token (type: ACCESS) rather than the API key (type: API_KEY)
- The session token works and returns tasks data correctly
- The API key does not return tasks data, suggesting it's being routed to a different schema context (possibly Metadata instead of Core)
My setup:
- Self-hosted Twenty CRM (v1.18.1)
- Self-hosted n8n (2.7.4)
- Querying from n8n via HTTP Request node
- Headers sent: Authorization: Bearer [api-key], Content-Type: application/json
- Endpoint: POST https://[my-domain]/graphql
- Query: { tasks(first: 1) { edges { node { id title updatedAt } } } }
My questions:
1. Is there a different endpoint or additional header required to access the Core schema (workspace data) using an API key?
2. Is querying tasks via API key supported, or is it only available via session tokens?
3. Is there a recommended way to authenticate external automation tools (like n8n) to query workspace data such as tasks?
I have a working webhook flow from Twenty to n8n, but I need to be able to query back to Twenty after a delay to fetch fresh data.
Any help appreciated.
/Johan
When I send a GraphQL query (e.g. fetching tasks) using my API key via the Authorization: Bearer header, I get the following error:
"Cannot query field 'tasks' on type 'Query'"
However, the exact same query works perfectly in the GraphQL Playground in Twenty's settings, using the same endpoint (https://[my-domain]/graphql).
What I've done so far:
- The API key authentication reaches the server successfully – the query { __typename } returns "Query" with the API key
- GraphQL introspection is disabled for API keys, so I can't inspect the available schema
- When inspecting the network traffic from the GraphQL Playground, I noticed that the Playground uses a session token (type: ACCESS) rather than the API key (type: API_KEY)
- The session token works and returns tasks data correctly
- The API key does not return tasks data, suggesting it's being routed to a different schema context (possibly Metadata instead of Core)
My setup:
- Self-hosted Twenty CRM (v1.18.1)
- Self-hosted n8n (2.7.4)
- Querying from n8n via HTTP Request node
- Headers sent: Authorization: Bearer [api-key], Content-Type: application/json
- Endpoint: POST https://[my-domain]/graphql
- Query: { tasks(first: 1) { edges { node { id title updatedAt } } } }
My questions:
1. Is there a different endpoint or additional header required to access the Core schema (workspace data) using an API key?
2. Is querying tasks via API key supported, or is it only available via session tokens?
3. Is there a recommended way to authenticate external automation tools (like n8n) to query workspace data such as tasks?
I have a working webhook flow from Twenty to n8n, but I need to be able to query back to Twenty after a delay to fetch fresh data.
Any help appreciated.
/Johan
