customer360-api (GraphQL)
Customer 360 owns contacts, companies, segments, customer health, timeline activity, saved queries, and CX dashboard contracts.
Runtime
| Property | Current contract |
|---|---|
| Production API origin | https://cx-api.inblack.app |
| GraphQL | POST /graphql |
| GraphQL operations | 50: 28 queries and 22 mutations |
| HTTP registrations | 6 total; GraphQL and health are externally classified, while projection/identity routes remain internal or under source review |
cx.inblack.app is the Customer 360 SPA origin, not the API origin.
Example
curl https://cx-api.inblack.app/graphql \ -H "Authorization: Bearer <token>" \ -H "X-Tenant-ID: <tenant-id>" \ -H "Content-Type: application/json" \ -d '{"query":"{ contacts(page: 1, perPage: 5) { items { id displayName email } total page perPage } }"}'The schema’s contacts field is @authenticated. Health administration and other mutations carry their own role or permission directives. See the GraphQL operation reference for exact contracts.
Authorization
The GraphQL mount is wrapped by Portal authorization for product cx and module contacts. Tenant membership, entitlement, and field directives still apply. The internal identity/projection ingress is service-authenticated and is not an external customer API.
Agents default to CX MCP tools. A GraphQL operation’s presence does not imply that it is available in a tenant’s MCP catalog.