The transfer mutation is a privileged API that allows the application backend to transfer an NFT to a user. This API is designed to be securely used from a backend so you'll need to use a privileged token in order to use it.

The transfer API kicks off the following operations:

• Takes in the ID of the NFT or NFTModel to transfer. If an NFTModel is specified, the API selects an NFT from the NFTModel.

• Mints the NFT if it hasn't already been minted, and

• Transfers the minted NFT to the user's wallet

Since these can be time-consuming operations, the transfer API schedules the work to happen asynchronously, and returns back the NFT that will be transferred to the user. The NFT's status field tells you what is going on.

mutation transferNFTToUser($nftModelId: ID!, $userId: ID!) {
  transfer(nftModelId: $nftModelId, userId: $userId) {
    id
    status
  }
}

const handler: NextApiHandler = async (req, res) => {
  const { nftModelId, userId } = req.query;

  if (req.method !== "POST") {
    res.status(405).end();
    return;
  }

  const signedIn = !!getToken({ req });
  if (!signedIn) {
    res.status(401).send("You must be signed in to transfer NFTs");
  }

  if (!nftModelId) {
    res.status(400).send("nftModelId is required");
    return;
  }

  const client = await getBackendGraphQLClient();
  const sdk = getSdk(client);

  const data = await sdk.transferNFTToUser({
    nftModelId: nftModelId as string,
    userId: userId as string,
  });

  res.status(200).json(data);
};

Follow the sample app's structure for an example on how to invoke the transfer mutation.