Authorization lets you restrict access to your content to only those with a valid token. You can protect an API from exposing any DRAFT content or disable Mutations.

You can locate your auth tokens in the settings panel, please refer to the following guide on creating, editing and deleting tokens. See the section called "API Settings with Tokens"

The ability to filter content is now scoped to the specific Stage you want to query.

Passing in Auth Tokens

const fetch = require('isomorphic-unfetch');
method: 'POST',
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer ${GRAPHCMS_TOKEN}`,
body: JSON.stringify({ query: '{ posts { title } }' }),
.then((res) => res.json())
.then((res) => console.log(;

APIs that allow Mutation statements must also allow DRAFT access as the GraphQL specification does not limit what is possible to query in the response of a Mutation request.

Were you expecting something more?

We are constantly contributing to our documentation, but if you spot something we're missing, let us know and we'll be sure to add it.

This site uses cookies to provide you with a better user experience. For more information, refer to our Privacy Policy