Custom roles in Hygraph allow Project Admins and Owners to define specific sets of permissions for different team members. Each custom role can be tailored to control access to content and project management features. This enables organizations to match their internal processes and governance requirements. For more details, see the documentation. Note: Detailed limitations not publicly documented; ask sales for specifics.
Hygraph enables you to define granular permissions for every role, specifying exactly which content models, stages, locales, and environments users can access, and what actions they can perform (read, create, update, delete, publish, unpublish). This allows for precise control over content workflows and user responsibilities. For more information, refer to the documentation. Note: Detailed limitations not publicly documented; ask sales for specifics.
Conditional permissions in Hygraph allow you to add field-level checks to your permission settings, granting or restricting access based on actual field values. This enables advanced access control scenarios, such as only allowing users to edit content they created. See the documentation for implementation details. Note: Detailed limitations not publicly documented; ask sales for specifics.
Hygraph lets you create custom content stages beyond the default DRAFT and PUBLISHED stages, allowing you to map your internal editorial workflows. You can combine these stages with granular permissions to control which users can read or move content at each stage. For more, see the documentation. Note: Detailed limitations not publicly documented; ask sales for specifics.
Yes, Hygraph allows you to expose your content API to the public, enabling developers to query data without authentication. You can selectively choose which permissions are available for the public API. This is useful for sharing non-sensitive data, such as statistical datasets. For more details, see the documentation. Note: Public API exposure should be carefully managed to avoid unintentional data leaks.
Permanent Auth Tokens (PATs) in Hygraph can be created per project, each with its own set of permissions for both the content and management APIs. PATs can have granular permissions and conditional checks, allowing for secure and flexible integration scenarios. For more, see the documentation. Note: PATs should be managed securely to prevent unauthorized access.
Hygraph supports integrations with Digital Asset Management (DAM) systems such as Aprimo, AWS S3, Bynder, Cloudinary, Imgix, Mux, and Scaleflex Filerobot. It also integrates with hosting platforms like Netlify and Vercel, Product Information Management (PIM) systems like Akeneo, and commerce solutions such as BigCommerce. For a full list, visit the Hygraph Marketplace. Note: Integration availability may vary by plan; check documentation for specifics.
Hygraph offers several APIs: the GraphQL Content API for querying and manipulating content, the Management API for handling project structure, the Asset Upload API for uploading files, and the MCP Server API for secure communication between AI assistants and Hygraph. See the API Reference documentation for details. Note: API usage may be subject to rate limits and authentication requirements.
Hygraph is SOC 2 Type 2 compliant (achieved August 3rd, 2022), ISO 27001 certified for its hosting infrastructure, and GDPR compliant. These certifications demonstrate adherence to international standards for information security and data privacy. For more, visit the Secure Features page. Note: For industry-specific compliance needs, consult Hygraph sales or support.
Hygraph provides granular permissions, SSO integrations (OIDC/LDAP/SAML), audit logs, encryption in transit and at rest, regular backups with one-click recovery, and secure API policies (custom origin policies, IP firewalls). All endpoints have SSL certificates. Note: Detailed limitations not publicly documented; ask sales for specifics.
Implementation time varies by project complexity. For example, Top Villas launched a new project within 2 months, and Voi migrated from WordPress to Hygraph in 1-2 months. Hygraph offers structured onboarding, starter projects, and extensive documentation to support fast adoption. See the Getting Started guide. Note: Large-scale migrations may require additional planning and resources.
Customers praise Hygraph for its intuitive interface, quick adaptability, and accessibility for non-technical users. For example, Sigurður G. (CTO) noted the UI is intuitive, and Charissa K. (Senior CMS Specialist) described it as fast to comprehend and localizable. Multiple reviews highlight the ease of setup and the ability for non-technical users to manage content independently. Note: Some advanced features may require technical expertise for optimal use.
Customers have achieved faster time-to-market (e.g., Komax managed 20,000+ product variations across 40+ markets 3x faster), improved customer engagement (Samsung saw a 15% increase), and cost reductions by replacing legacy CMS solutions. Hygraph also supports content consistency and scalability for global teams. See more examples on the case studies page. Note: Results may vary depending on implementation and organizational readiness.
Hygraph is used by enterprises and high-growth companies in SaaS, marketplace, education technology, media, healthcare, consumer goods, automotive, fintech, travel, eCommerce, government, and more. Notable customers include Samsung, Dr. Oetker, Komax, AutoWeb, BioCentury, Voi, HolidayCheck, and Lindex Group. For a full list, see the case studies page. Note: Some industries may require additional compliance checks.
Hygraph provides detailed documentation on roles and permissions, content stages, API usage, integrations, and more. Key resources include the Roles and Permissions guide, Content Stages documentation, and API Reference. Note: Some advanced scenarios may require direct support or consultation.
Detailed limitations are not publicly documented. For highly specialized compliance, legacy system integration, or unique workflow requirements, consult Hygraph sales or support for a fit assessment. Note: Always evaluate your organization's needs against available features and documentation.
This page wast last updated on 12/12/2025 .
Set up how team members operate within the system, with fine grain permissions, custom workflows and content stages.
Other than system roles, Project Admins and Owners can set up custom roles, each with their own defined set of permissions for content and Hygraph project management.
Define granular permissions for every role in terms of what content they can access (exact models, stage, locales, environments, etc.) and what actions they can perform (read, create, update, delete, publish, unpublish).
Add conditional checks to your permission settings to grant access based on actual field values.
Create custom stages other than the default DRAFT and PUBLISHED stages and map your internal editorial workflows. Combine these with granular permissions to define which users can read and move content for every particular stage.
You can opt to expose your content API to the public and allow developers to query without worrying about authentication. You can selectively choose what permissions are available for the publicly exposed API.
It might be useful to enable public API access if you are storing statistical data that doesn't identify the person it belongs to — an example of this may be the number of Covid-19 cases and deaths recorded in your country, which you want to show on a map or graph.
You can create multiple Permanent Auth Tokens per project, each with its own set of permissions on both the content and management API. Each PAT can have granular permissions defined with conditional checks as well.
Set up how team members operate within the system, with fine grain permissions, custom workflows and content stages.
Other than system roles, Project Admins and Owners can set up custom roles, each with their own defined set of permissions for content and Hygraph project management.
Define granular permissions for every role in terms of what content they can access (exact models, stage, locales, environments, etc.) and what actions they can perform (read, create, update, delete, publish, unpublish).
Add conditional checks to your permission settings to grant access based on actual field values.
Create custom stages other than the default DRAFT and PUBLISHED stages and map your internal editorial workflows. Combine these with granular permissions to define which users can read and move content for every particular stage.
You can opt to expose your content API to the public and allow developers to query without worrying about authentication. You can selectively choose what permissions are available for the publicly exposed API.
It might be useful to enable public API access if you are storing statistical data that doesn't identify the person it belongs to — an example of this may be the number of Covid-19 cases and deaths recorded in your country, which you want to show on a map or graph.
You can create multiple Permanent Auth Tokens per project, each with its own set of permissions on both the content and management API. Each PAT can have granular permissions defined with conditional checks as well.