How to use GraphQL to fetch a list of records?

Hello,

I’m trying to get started with a fresh installation of 8.3 and would like to use GraphQL.

So I’m hitting:
url/api/graphql

{"errors":[{"message":"GraphQL query is not valid.","extensions":{"category":"user","status":400}}]}

And at:
url/docs/graphql

I see the Text Area but can’t load the documentation explorer as it seems.

Then I find a few GraphQL related topics here, mostly telling me to ‘look and copy the core code’.
Meaning? Where to look for?
In the JS Code? In which file would I find the token generation?

All I want is to create some (preferably Python - but PHP works as well if neccessary) scripts that can push data from my database into the CRM (and read it).

I found the string ‘api/graphql’ in

                class e {
                    constructor(e, t, n, r, i) {
                        this.auth = n, this.appStore = r, this.baseRoute = i;
                        let s = "./api/graphql";
                        s = this.baseRoute.calculateRoute(s);
                        const o = t.create({
                                uri: s,
                                withCredentials: !0
                            }),

But unfortunately, I find JS extremely hard to read - did this file get generated and is there sth. more readable (even if it’s only JS)?

Plenty of hits in /core/app/core/ as well - more readable. But where to start? Where do see one example of a working getting a token and using this for a GET on a module?

/core/app/core/src/lib/services/auth/auth.service.ts
seems to have some clues - but somehow, I get a 404 on Postman.

Is my endpoint wrong?
/api/graphql/login
/api/login
Seem to be wrong?

Anyone know a next step or an example?

Does anyone have “url/api/graphql” working?
I also just see the error as in the very first screenshot of @Chris138 :

{
“type”: “RFC 2616 - Hypertext Transfer Protocol -- HTTP/1.1”,
“title”: “An error occurred”,
“detail”: “Invalid CSRF token”
}

and “Error fetching schema”

This is the CSRF verification implemented for security purposes.

As a temporary workaround, I have disabled this error message by commenting out Line #95 in the following file:

<PROJECT_ROOT>/core/backend/Security/CSRFValidationListener.php

I shall update here once I find a permanent fix/alternative for it.