Permission Scope

The Public API Permissions control outside access to your projects GraphQL endpoint. You can think of these permissions as global access permissions.

It's recommended you create individual permanent auth tokens for services that need to query or mutate your project content for more granular control over who accesses your data.

Available Scopes

PROTECTED

Restricts access to queries and mutations, but permits introspection. Queries and mutations will return a Not Authorized when this is selected. This is the default scope.

QUERY

Permits queries, but mutations will return Not Authorized.

MUTATION

Permits mutations, but queries will return Not Authorized.

OPEN

Permits queries and mutations.

OPEN will expose your entire API endpoint. If you need to use the OPEN, it's recommended you use filters to limit the access to the data.

Filters

You can specify filters for your selected API scope. These filters apply to all content models, and can allow you to only expose content that have a status set to PUBLISHED.