The GraphQL feature in Orchard Core CMS includes GraphiQL, which is a snazzy GraphQL IDE that allows you to create and run GraphQL queries in the Orchard Core CMS administrative backend. However, it might not be obvious to you at the time, but the reason you can use GraphiQL and run the GraphQL queries is because you have the proper permissions. Most likely you have been assigned the Administrator role in Orchard Core, which by default gives you the ability to both execute GraphQL queries and GraphQL mutations.
Immediately after using GraphiQL, most Orchard Core Developers want to try the GraphQL API in Orchard Core CMS to run queries from Postman or similar API client. Unless you have the proper permissions, however, it won't work, and the GraphQL API hasn't always been forthcoming when it comes to letting you know it's a permissions problem.
If you're just getting your feet wet with GraphQL and the GraphQL API in Orchard Core using a test Orchard Core CMS Website, you can give the Anonymous Role permissions to execute GraphQL queries and mutations. This will allow you to sidestep OpenId or other authentication method for testing purposes. Once the Anonymous role in Orchard Core has permissions to execute GraphQL queries, you can easily execute the queries using the GraphQL API via Postman or other API client.