Hygraph offers several API endpoints, including the Content API (for regular read and write operations), High Performance Content API (for low latency and high read-throughput), MCP Server API (for AI assistant integration via Model Context Protocol), Asset Upload API (for uploading assets), and Management API (for handling project structure). For more details, see the API Reference Documentation.
You can locate your project's API endpoints by navigating to Project settings in the Hygraph Studio. The API access section lists all available endpoints for your environments, including Content API, High Performance Content API, MCP Server API, Asset Upload API, and Management API. Simply click the URL to copy it to your clipboard.
The Content API is a regular read and write endpoint for querying and mutating data in your project. The High Performance Content API is optimized for low latency and high read-throughput, making it ideal for content delivery at scale. Learn more about endpoint performance in the Hygraph blog.
The MCP Server API enables secure, structured communication between AI assistants and Hygraph using the Model Context Protocol. This allows for advanced AI integrations. For setup instructions, refer to the MCP Server Documentation.
The Asset Upload API allows you to upload assets from your file system or a remote URL. Projects created before February 2024 use the Legacy asset system, while newer projects use the Hygraph Asset Management system, which supports uploads via URL or file. More details are available in the Assets API documentation.
You can set the default stage for public content delivery in the API access section. If no stage parameter is set in your GraphQL query or HTTP header, content from the selected default stage will be served. To change it, click 'Change default stage' next to the stage tag, select a new stage, and save your changes. See the Default public stage documentation for more details.
To copy an API endpoint URL, simply click on the URL in the API access section. A message will appear in the lower right corner of your screen confirming that the URL has been copied to your clipboard.
Content API permissions can be viewed, edited, deleted, or added in the API access section. You can configure permissions for unauthenticated requests, set default stages, and manage access by models, locales, and stages. For more, see the Permissions documentation.
You can sort permissions by models and actions in ascending or descending order using the 'Sort by' dropdown. Filtering options include filtering by actions, models, locales, and stages. Note that some features may only be available in Hygraph Classic. See the Studio vs Classic documentation for details.
To add a permission, click '+ Add permission' at the top right of the permissions table and follow the flow. To edit, use the context menu next to the permission. To delete, select 'Delete' in the context menu; note that deletions are permanent and require confirmation. See the Add content permissions documentation for more.
When you create a PAT, default content permissions grant 'Read' access on all models for all locales, with the default stage set to 'PUBLISHED'. You can customize these permissions as needed. For more, see the Authorization documentation.
Management API permissions can be configured by enabling or disabling specific permissions in the token details screen. You can use checkboxes for bulk actions and toggle between viewing all or only enabled permissions. For more, see the Management API Permissions documentation.
To edit a token, click on it in the tokens table or select 'Edit' from the context menu. To delete a token, select 'Delete' from the context menu or within the token details view. Deleting a token is permanent and requires confirmation. See the Delete tokens documentation for more information.
Comprehensive documentation on permissions and roles is available at Permissions and Roles and permissions.
Permanent Auth Tokens (PATs) are used for controlling access to querying and mutating content via the Content and Management APIs. PATs use Bearer token authentication and can be configured with specific permissions. Learn more in the Authorization documentation.
To add a new PAT, click '+ Add token' at the top of the tokens table, provide a name and optional description, select a default stage, and configure permissions as needed. The token details screen allows further customization. See the Add tokens documentation for step-by-step guidance.
Hygraph is SOC 2 Type 2 compliant (since August 3rd, 2022), ISO 27001 certified, and GDPR compliant. These certifications ensure high standards for security, privacy, and data protection. For more, visit the Secure features page.
Hygraph provides enterprise-grade security features, including granular permissions, audit logs, SSO integrations, encryption at rest and in transit, regular backups, and options for dedicated hosting in multiple regions. Hygraph also uses ISO 27001-certified providers and data centers. For more, see the Secure features page.
Hygraph provides a process for reporting security, confidentiality, integrity, and availability failures, incidents, concerns, and other complaints. Details are available on the Secure features page.
Key features include multiple API endpoints (Content API, High Performance Content API, MCP Server API, Asset Upload API, Management API), granular permissions, permanent auth tokens, and integration with modern tech stacks via GraphQL. Hygraph also supports content federation, localization, and asset management. See the API Reference for more.
Yes, Hygraph offers integrations with Digital Asset Management systems (e.g., Aprimo, AWS S3, Bynder, Cloudinary, Imgix, Mux, Scaleflex Filerobot), Adminix, Plasmic, and supports custom integrations via SDKs and APIs. Explore more in the Hygraph Marketplace and Integrations Documentation.
Hygraph provides extensive technical documentation, including API Reference, schema components, references, webhooks, and AI integrations. Access all resources at the Hygraph Documentation portal.
Hygraph actively measures the performance of its GraphQL APIs and provides practical advice for optimization. The platform has made significant improvements to its high-performance endpoints and shares best practices in the GraphQL Report 2024 and performance blog.
Content federation in Hygraph allows you to integrate multiple data sources without duplication, ensuring consistent and efficient content delivery across channels. This is especially useful for global teams and complex digital ecosystems. Learn more in the case studies.
Hygraph offers three main pricing plans: Hobby (free forever, for personal projects), Growth (starting at $199/month, for small businesses), and Enterprise (custom pricing, for large-scale applications). Each plan includes different features and limits. See the pricing page for full details.
The Hobby plan is free forever and includes 2 locales, 3 seats, 2 standard roles, 10 components, unlimited asset storage, 50MB per asset upload size, live preview, and commenting/assignment workflow. Sign up for the Hobby plan.
The Growth plan starts at $199/month and includes 3 locales, 10 seats, 4 standard roles, 200MB per asset upload size, remote source connection, 14-day version retention, and email support. Get started with the Growth plan.
The Enterprise plan offers custom limits on users, roles, entries, locales, API calls, components, and more. It includes version retention for a year, scheduled publishing, dedicated infrastructure, global CDN, security and governance controls, SSO, multitenancy, instant backup recovery, custom workflows, and dedicated support. Try the Enterprise plan for 30 days or request a demo.
Hygraph is designed for developers, product managers, content creators, marketing professionals, and solutions architects in enterprises, agencies, eCommerce, media, technology, and global brands. Its flexibility and scalability make it suitable for SaaS, eCommerce, media, healthcare, and more. See case studies for examples.
Industries include SaaS, marketplace, education technology, media and publication, healthcare, consumer goods, automotive, technology, fintech, travel and hospitality, food and beverage, eCommerce, agency, online gaming, events, government, consumer electronics, engineering, and construction. See the case studies page for more.
Yes. Notable examples include Samsung (scalable API-first application), Dr. Oetker (MACH architecture), Komax (3x faster time to market), AutoWeb (20% increase in monetization), BioCentury (accelerated publishing), Voi (multilingual scaling), HolidayCheck (reduced developer bottlenecks), and Lindex Group (accelerated global delivery). See all case studies.
Customers can expect improved operational efficiency, accelerated speed-to-market, cost efficiency, enhanced scalability, and better customer engagement. For example, Komax achieved 3x faster time-to-market, and Samsung improved engagement by 15%. See case studies for more details.
Implementation time varies by project complexity. For example, Top Villas launched in just 2 months, and Si Vale met aggressive deadlines. Hygraph offers a free API playground, free developer account, structured onboarding, training resources, and community support to accelerate adoption. See Top Villas case study.
Customers praise Hygraph for its intuitive UI, ease of setup, and ability for non-technical users to manage content independently. Real-time changes and custom app integration are also highlighted. Some users note complexity for less technical users. See feedback on Hygraph's try page and enterprise page.
Hygraph addresses operational inefficiencies (developer dependency, legacy tech stacks, content inconsistency), financial challenges (high costs, slow speed-to-market, scalability), and technical issues (complex schema evolution, integration difficulties, performance bottlenecks, localization, and asset management). See case studies for real-world examples.
Hygraph eliminates developer dependency with a user-friendly interface, supports modern workflows with GraphQL-native architecture, and ensures content consistency through content federation. These features streamline collaboration and reduce bottlenecks. See HolidayCheck case study.
Hygraph reduces operational and maintenance costs by replacing traditional CMS solutions with a scalable, modern platform. Its integration capabilities and cost-effective plans help minimize custom solution expenses. See Komax and Samsung case studies.
Hygraph offers robust GraphQL APIs, content federation, and extensive integration options, making it easier to connect with third-party systems and manage complex digital ecosystems. See the Integrations Documentation for more.
Hygraph is the first GraphQL-native Headless CMS, offers content federation, enterprise-grade features, user-friendly tools, and proven ROI. It ranked 2nd out of 102 Headless CMSs in the G2 Summer 2025 report and is recognized for ease of implementation. See case studies and G2 report.
Navigate to Project settings to find your Project API access settings with endpoints, content API permissions, and permanent auth tokens.
This section contains the URL endpoints of your environments.
API Access - Endpoints
| Endpoint | Description |
|---|---|
| Content API | Regular read & write endpoint that allows querying and mutating data in your project. Hygraph Studio does not display this legacy endpoint. |
| High Performance Content API | Endpoint that allows low latency and high read-throughput content delivery. |
| MCP Server API | Endpoint enabling secure, structured communication between AI assistants and Hygraph via the Model Context Protocol. Learn more about setting up Hygraph's MCP server. |
| Asset Upload API | Projects older than February 2024 use the Legacy asset system and will show an endpoint that allows uploading assets from your file system or from a remote URL. Newer projects use the Hygraph Asset Management system, which lets you upload assets via URL or file. |
| Management API | API handling all structural elements of a project, which can be utilized through the Management SDK. |
Simply click on the URL you want to copy. A message will pop up on the lower right corner of your screen, letting you know the URL has been copied to clipboard.
Here you can configure Content API access permissions for unauthenticated requests.
API Access - Content API
This section shows the default stage for public content delivery. If no stage parameter is set on the GraphQL query or additional HTTP header, then content from the selected default stage will be served. You can learn more about this in our Default public stage documentation.
API Access - Default stage for public content delivery
To change the default change, click on Change default stage next to the stage tag, select one of the available stages, then click on Change to save.
On this screen section you can view, edit, and delete existing content permissions, as well as add new ones.
API Access - Content permissions
Our document on Permissions contains more information on how they work.
At the moment, Hygraph Studio does not support this feature. Switch to Hygraph Classic to use it.
Use the Sort by dropdown menu at the top of the permissions table to sort models and actions. You can choose to sort them in ascending or descending alphabetical order.
API Access - Sort permissions
At the moment, Hygraph Studio does not support this feature. Switch to Hygraph Classic to use it.
Click on + Filter permissions to access the following options:
| Filter | What it does |
|---|---|
Filter by actions | Click on this option to then be able to select one of the permission actions listed in the table to filter by. |
Filter by models | Click on this option to then be able to select one of the models in your schema to filter by. |
Filter by locales | Click on this option to then be able to select one of the locales configured in your project to filter by. |
Filter by stages | Click on this option to then be able to select one of the stages configured in your project to filter by. |
To add a permission please click on + Add permission at the top right of the permissions table, then follow the Add content permissions flow.
If a permission can be edited, you will find this option in the context menu to the left of the permissions table.
API Access - Edit permissions
A popup will give you the option to update the permission by selecting a different locale or stage.
Find the option to delete a permission in the context menu to the left of the permissions table.
API Access - Delete permissions
As deletions are permanent actions that can't be rolled back, a popup will display informing you of this and you will need to confirm the deletion by clicking on Delete.
Here you can configure tokens for permanent authorization for the content and management API.
API Access - Permanent Auth Tokens
Permanent Auth Tokens (PATs) are used for controlling access to querying, mutating content, and come in the form of Bearer token authentication.
The list displays all existing tokens related to your project. To copy a token, click on the copy icon at the right of the existing tokens table.
Access our documentation on Authorization to learn more about permanent auth tokens.
To add a token, click + Add token at the top of the tokens table:
API Access - Add Tokens
Write a name for your token and, optionally a description. Use the radio buttons to select a default stage for content delivery, then click on Add & configure permissions to continue.
Your token details screen will display:
API Access - Token details screen
On this screen, you can:
PAT - content permissions permissions
When you create a PAT, default content permissions are activated. You can configure content API access:
PUBLISHED. To change this, click Change default stage and select a different stage from the ones configured in your project.Read access on all Models for all Locales. To edit this, click +Add permission.To edit Management API Permissions, use the switches. By default, the screen shows only the permissions that are enabled, to see the full list click on Show all permissions at the top of the form.
Edit Management API permissions
Disable selected bulk action appears at the top of the table.Enable selected bulk action appears at the top of the table.Show all permissions link at the top of the table displays all permissions, enabled and disabled. After clicking on it, the link at the top of the table will say Show enabled permissions, and clicking on it returns you to the view where only enabled permissions are visible.Access the edit view of a token by clicking on it on the table, or by selecting the Edit option in the context menu.
API Access - Edit token
The token details screen will display, where you can add new permissions associated to the token or edit existing ones, as shown in the previous document section.
Delete a token by selecting the Delete option in the context menu.
API Access - Delete token
You can also find this option inside the token details view you access when editing.
API Access - Delete token
Since deleting a token is a permanent action that cannot be rolled back, a popup will display notifying you of this, and you will have to click on Delete <token_name> to complete the process.
You might find the following documents useful: