Join us live as we unveil the all new Hygraph Studio!

Hygraph
Docs

API access

#Overview

Navigate to Project settings > Access > API Access to find your Project API access settings with endpoints, public content API permissions, and permanent auth tokens.

#Endpoints

This section contains the URL endpoints of your environments.

API Access - EndpointsAPI Access - Endpoints

EndpointDescription
Content APIRegular read & write endpoint that allows querying and mutating data in your project.
High Performance Read-only Content APIRead-only endpoint that allows low latency and high read-throughput content delivery.
AssetsProjects older than February 2024 use the Legacy asset system and will show an endpoint that allows uploading assets from your file system or from a remote URL. Newer projects use the Hygraph Asset Management system, which lets you upload assets via URL or file.
Management APIAPI handling all structural elements of a project, which can be utilized through the Management SDK.

Simply click on the URL you want to copy. A message will pop up on the lower right corner of your screen, letting you know the URL has been copied to clipboard.

#Public content API

Here you can configure public Content API access permissions for unauthenticated requests.

API Access - Public content APIAPI Access - Public content API

#Default stage for public content delivery

This section shows the default stage for public content delivery. If no stage parameter is set on the GraphQL query or additional HTTP header, then content from the selected default stage will be served. You can learn more about this in our Default public stage documentation.

API Access - Default stage for public content deliveryAPI Access - Default stage for public content delivery

To change the default change, click on Change default stage next to the stage tag, select one of the available stages, then click on Change to save.

#Content permissions

On this screen section you can view, edit, and delete existing content permissions, as well as add new ones.

API Access - Content permissionsAPI Access - Content permissions

Our document on Permissions contains more information on how they work.

Sort permissions

Use the Sort by dropdown menu at the top of the permissions table to sort models and actions. You can choose to sort them in ascending or descending alphabetical order.

API Access - Sort permissionsAPI Access - Sort permissions

Filter permissions

Click on + Filter permissions to access the following options:

FilterWhat it does
Filter by actionsClick on this option to then be able to select one of the permission actions listed in the table to filter by.
Filter by modelsClick on this option to then be able to select one of the models in your schema to filter by.
Filter by localesClick on this option to then be able to select one of the locales configured in your project to filter by.
Filter by stagesClick on this option to then be able to select one of the stages configured in your project to filter by.

Add permissions

To add a permission please click on + Add permission at the top right of the permissions table, then follow the Add content permissions flow.

Edit permissions

If a permission can be edited, you will find this option in the context menu to the left of the permissions table.

API Access - Edit permissionsAPI Access - Edit permissions

A popup will give you the option to update the permission by selecting a different locale or stage.

Delete permissions

Find the option to delete a permission in the context menu to the left of the permissions table.

API Access - Delete permissionsAPI Access - Delete permissions

As deletions are permanent actions that can't be rolled back, a popup will display informing you of this and you will need to confirm the deletion by clicking on Delete.

#Permanent Auth Tokens

Here you can configure tokens for permanent authorization for the content and management API.

API Access - Permanent Auth TokensAPI Access - Permanent Auth Tokens

Permanent Auth Tokens (PATs) are used for controlling access to querying, mutating content, and come in the form of Bearer token authentication.

The list displays all existing tokens related to your project. To copy a token, click on the copy icon at the right of the existing tokens table.

Access our documentation on Authorization to learn more about permanent auth tokens.

#Add tokens

To add a token, click on + Add token at the top of the tokens table. The following screen displays as a result:

API Access - Add TokensAPI Access - Add Tokens

Write a name for your token and, optionally a description. Use the radio buttons to select a default stage for content delivery, then click on Add & configure permissions to continue.

Your token details screen will display:

API Access - Token details screenAPI Access - Token details screen

On this screen, you can:

#Edit

Edit a token by selecting the Edit option in the context menu.

API Access - Edit tokenAPI Access - Edit token

The token details screen will display, where you can add new permissions associated to the token or edit existing ones, as shown in the previous document section.

#Delete tokens

Delete a token by selecting the Delete option in the context menu.

API Access - Delete tokenAPI Access - Delete token

You can also find this option inside the token details view you access when editing.

API Access - Delete tokenAPI Access - Delete token

Since deleting a token is a permanent action that cannot be rolled back, a popup will display notifying you of this, and you will have to click on Delete <token_name> to complete the process.

#Resources

You might find the following documents useful:

  • Permissions: This document contains information on permissions, how they work, and their limits.
  • Roles and permissions: This document contains information on how to work with roles and permissions in the Hygraph app.
  • Authorization: This document contains information on public API permissions, permanent auth tokens, and API endpoints.