Permanent Authorization Tokens

What is a Permanent Auth Token?

To connect your client applications with your GraphCMS backend, you will need to create permanent auth tokens. This will allow your external client to:

  • READ existing content entries
  • WRITE write new and update existing content entries
  • OPEN read, write and update existing content entries

How to work with permanent auth tokens

Be careful! Anyone that gains access to one of your WRITE or OPEN tokens will be able to execute all of these operations and manipulate your content. So it is never a good idea to store a WRITE or OPEN token on the client-side, i.e. a JavaScript client application.

How to use PATs

Permanent auth tokens allow you to give specific services access to your endpoint. This could be some third-party tool or app that wants to access your data in some way.

The permissions are similar to the Public permission options.

For each PAT that you create you also have the possibility to set an API Filter.

Perm Auth Tokens

PermissionRights
QUERYAbility to query your project.
MUTATIONAbility to write data, but not read from your project.
OPENAbility to read and write from the project.