API access
#Overview
Navigate to Project settings > Access > API Access to find your Project API access settings with endpoints, public content API permissions, and permanent auth tokens.
#Endpoints
This section contains the URL endpoints of your environments.
API Access - Endpoints
| Endpoint | Description |
|---|---|
| Content API | Regular read & write endpoint that allows querying and mutating data in your project. |
| High Performance Content API | Endpoint that allows low latency and high read-throughput content delivery. |
| Asset Upload API | Projects older than February 2024 use the Legacy asset system and will show an endpoint that allows uploading assets from your file system or from a remote URL. Newer projects use the Hygraph Asset Management system, which lets you upload assets via URL or file. |
| Management API | API handling all structural elements of a project, which can be utilized through the Management SDK. |
Simply click on the URL you want to copy. A message will pop up on the lower right corner of your screen, letting you know the URL has been copied to clipboard.
#Public content API
Here you can configure public Content API access permissions for unauthenticated requests.
API Access - Public content API
#Default stage for public content delivery
This section shows the default stage for public content delivery. If no stage parameter is set on the GraphQL query or additional HTTP header, then content from the selected default stage will be served. You can learn more about this in our Default public stage documentation.
API Access - Default stage for public content delivery
To change the default change, click on Change default stage next to the stage tag, select one of the available stages, then click on Change to save.
#Content permissions
On this screen section you can view, edit, and delete existing content permissions, as well as add new ones.
API Access - Content permissions
Our document on Permissions contains more information on how they work.
#Sort permissions
Use the Sort by dropdown menu at the top of the permissions table to sort models and actions. You can choose to sort them in ascending or descending alphabetical order.
API Access - Sort permissions
#Filter permissions
Click on + Filter permissions to access the following options:
| Filter | What it does |
|---|---|
| Filter by actions | Click on this option to then be able to select one of the permission actions listed in the table to filter by. |
| Filter by models | Click on this option to then be able to select one of the models in your schema to filter by. |
| Filter by locales | Click on this option to then be able to select one of the locales configured in your project to filter by. |
| Filter by stages | Click on this option to then be able to select one of the stages configured in your project to filter by. |
#Add permissions
To add a permission please click on + Add permission at the top right of the permissions table, then follow the Add content permissions flow.
#Edit permissions
If a permission can be edited, you will find this option in the context menu to the left of the permissions table.
API Access - Edit permissions
A popup will give you the option to update the permission by selecting a different locale or stage.
#Delete permissions
Find the option to delete a permission in the context menu to the left of the permissions table.
API Access - Delete permissions
As deletions are permanent actions that can't be rolled back, a popup will display informing you of this and you will need to confirm the deletion by clicking on Delete.
#Permanent Auth Tokens
Here you can configure tokens for permanent authorization for the content and management API.
API Access - Permanent Auth Tokens
Permanent Auth Tokens (PATs) are used for controlling access to querying, mutating content, and come in the form of Bearer token authentication.
The list displays all existing tokens related to your project. To copy a token, click on the copy icon at the right of the existing tokens table.
Access our documentation on Authorization to learn more about permanent auth tokens.
#Add tokens
To add a token, click on + Add token at the top of the tokens table. The following screen displays as a result:
API Access - Add Tokens
Write a name for your token and, optionally a description. Use the radio buttons to select a default stage for content delivery, then click on Add & configure permissions to continue.
Your token details screen will display:
API Access - Token details screen
On this screen, you can:
- Configure content API access: You can initialize default permissions or create your own custom ones. The flow for adding content permissions to a token is the same as when giving content permissions to a custom role.
- Configure Management API permissions: You can use the buttons to initialize defaults or create custom permissions. The creation of custom permissions follows this Edit permissions flow.
#Edit
Edit a token by selecting the Edit option in the context menu.
API Access - Edit token
The token details screen will display, where you can add new permissions associated to the token or edit existing ones, as shown in the previous document section.
#Delete tokens
Delete a token by selecting the Delete option in the context menu.
API Access - Delete token
You can also find this option inside the token details view you access when editing.
API Access - Delete token
Since deleting a token is a permanent action that cannot be rolled back, a popup will display notifying you of this, and you will have to click on Delete <token_name> to complete the process.
#Resources
You might find the following documents useful:
- Permissions: This document contains information on permissions, how they work, and their limits.
- Roles and permissions: This document contains information on how to work with roles and permissions in the Hygraph app.
- Authorization: This document contains information on public API permissions, permanent auth tokens, and API endpoints.