This guide is for external developers integrating with ActivityManager's GraphQL API.

Base Endpoint

• GraphQL: https://api.activitymanager.online/graphql
• Method: POST
• Content type: application/json

Authentication

1. Call signIn(input: CreateAuthInput!)
2. Read accessToken from AuthPayload
3. Send header on subsequent requests:

Authorization: Bearer <accessToken>

Core Conventions

• IDs use GraphQL ID
• Count-like values use Int
• Status/sort values use enums (not free-form strings)
• Payment credentials are never exposed in query outputs
• Cursor pagination is standard (first/after/last/before)
• Auth signup is self-serve with email token onboarding (no manual admin activation)

Minimal Query Example

query AccountById($id: ID!) {
  account(id: $id) {
    id
    email
    firstName
    lastName
    accountType
  }
}

Accounts Query Names (v1)

• account(id: ID!)
• accounts
• accountsPaginated(input: AccountsQueryInput!)

Legacy getAccountById/getAllAccounts/getAccountsPaginated names are removed.

Minimal Sign-In Example

mutation SignIn($input: CreateAuthInput!) {
  signIn(input: $input) {
    accessToken
    user {
      id
      email
      accountType
    }
  }
}

Variables:

{
  "input": {
    "email": "owner@example.com",
    "password": "your-password"
  }
}

Public API Readiness Checklist

• Secret values removed from output models
• Naming normalized for query/mutation arguments
• Strong typing applied to IDs, counts, sort fields, and statuses
• Deprecated fields clearly marked for migration

Rate Limiting

• Public GraphQL API traffic is rate-limited by server policy.
• Default policy is conservative and configurable by superadmin in admin UI:
• Accounts -> API Rate Limits
• Supports per-business overrides by providing a business account ID in the admin rate-limit screen.
• Exceeding the limit returns 429 Too Many Requests.

See Also

• Technical docs
• Bookings and checkout
• Payments