Easily restore your project to a previous version with our new Instant One-click Backup Recovery
Hygraph
Docs

API access

#Overview

Navigate to Project settings > Access > API Access to find your Project API access settings with endpoints, content API permissions, and permanent auth tokens.

#Endpoints

This section contains the URL endpoints of your environments.

API Access - EndpointsAPI Access - Endpoints

EndpointDescription
Content APIRegular read & write endpoint that allows querying and mutating data in your project. Hygraph Studio does not display this legacy endpoint.
High Performance Content APIEndpoint that allows low latency and high read-throughput content delivery.
Asset Upload APIProjects older than February 2024 use the Legacy asset system and will show an endpoint that allows uploading assets from your file system or from a remote URL. Newer projects use the Hygraph Asset Management system, which lets you upload assets via URL or file.
Management APIAPI handling all structural elements of a project, which can be utilized through the Management SDK.

Simply click on the URL you want to copy. A message will pop up on the lower right corner of your screen, letting you know the URL has been copied to clipboard.

#Content API

Here you can configure Content API access permissions for unauthenticated requests.

API Access - Content APIAPI Access - Content API

#Default stage for public content delivery

This section shows the default stage for public content delivery. If no stage parameter is set on the GraphQL query or additional HTTP header, then content from the selected default stage will be served. You can learn more about this in our Default public stage documentation.

API Access - Default stage for public content deliveryAPI Access - Default stage for public content delivery

To change the default change, click on Change default stage next to the stage tag, select one of the available stages, then click on Change to save.

#Content permissions

On this screen section you can view, edit, and delete existing content permissions, as well as add new ones.

API Access - Content permissionsAPI Access - Content permissions

Our document on Permissions contains more information on how they work.

#Sort permissions

Use the Sort by dropdown menu at the top of the permissions table to sort models and actions. You can choose to sort them in ascending or descending alphabetical order.

API Access - Sort permissionsAPI Access - Sort permissions

#Filter permissions

Click on + Filter permissions to access the following options:

FilterWhat it does
Filter by actionsClick on this option to then be able to select one of the permission actions listed in the table to filter by.
Filter by modelsClick on this option to then be able to select one of the models in your schema to filter by.
Filter by localesClick on this option to then be able to select one of the locales configured in your project to filter by.
Filter by stagesClick on this option to then be able to select one of the stages configured in your project to filter by.

#Add permissions

To add a permission please click on + Add permission at the top right of the permissions table, then follow the Add content permissions flow.

#Edit permissions

If a permission can be edited, you will find this option in the context menu to the left of the permissions table.

API Access - Edit permissionsAPI Access - Edit permissions

A popup will give you the option to update the permission by selecting a different locale or stage.

#Delete permissions

Find the option to delete a permission in the context menu to the left of the permissions table.

API Access - Delete permissionsAPI Access - Delete permissions

As deletions are permanent actions that can't be rolled back, a popup will display informing you of this and you will need to confirm the deletion by clicking on Delete.

#Permanent Auth Tokens

Here you can configure tokens for permanent authorization for the content and management API.

API Access - Permanent Auth TokensAPI Access - Permanent Auth Tokens

Permanent Auth Tokens (PATs) are used for controlling access to querying, mutating content, and come in the form of Bearer token authentication.

The list displays all existing tokens related to your project. To copy a token, click on the copy icon at the right of the existing tokens table.

Access our documentation on Authorization to learn more about permanent auth tokens.

#Add tokens

To add a token, click + Add token at the top of the tokens table:

API Access - Add TokensAPI Access - Add Tokens

Write a name for your token and, optionally a description. Use the radio buttons to select a default stage for content delivery, then click on Add & configure permissions to continue.

Your token details screen will display:

API Access - Token details screenAPI Access - Token details screen

On this screen, you can:

#Content permissions

PAT - content permissions permissionsPAT - content permissions permissions

When you create a PAT, default content permissions are activated. You can configure content API access:

  • The default stage for content delivery is PUBLISHED. To change this, click Change default stage and select a different stage from the ones configured in your project.
  • Default content permissions grant Read access on all Models for all Locales. To edit this, click +Add permission.

#Management API Permissions

To edit Management API Permissions, use the switches. By default, the screen shows only the permissions that are enabled, to see the full list click on Show all permissions at the top of the form.

Edit Management API permissionsEdit Management API permissions

  • Basic permissions are selected by default, as they are necessary for the user to view the UI correctly. You can edit this - if needed - and select other permissions as well.
  • If you use the checkboxes to select more than one of the enabled permissions, the Disable selected bulk action appears at the top of the table.
  • If you use the checkboxes to select more than one of the disabled permissions, the Enable selected bulk action appears at the top of the table.
  • The Show all permissions link at the top of the table displays all permissions, enabled and disabled. After clicking on it, the link at the top of the table will say Show enabled permissions, and clicking on it returns you to the view where only enabled permissions are visible.

#Edit tokens

Access the edit view of a token by clicking on it on the table, or by selecting the Edit option in the context menu.

API Access - Edit tokenAPI Access - Edit token

The token details screen will display, where you can add new permissions associated to the token or edit existing ones, as shown in the previous document section.

#Delete tokens

Delete a token by selecting the Delete option in the context menu.

API Access - Delete tokenAPI Access - Delete token

You can also find this option inside the token details view you access when editing.

API Access - Delete tokenAPI Access - Delete token

Since deleting a token is a permanent action that cannot be rolled back, a popup will display notifying you of this, and you will have to click on Delete <token_name> to complete the process.

#Resources

You might find the following documents useful:

  • Permissions: This document contains information on permissions, how they work, and their limits.
  • Roles and permissions: This document contains information on how to work with roles and permissions in the Hygraph app.
  • Authorization: This document contains information on public API permissions, permanent auth tokens, and API endpoints.