Authorization lets you restrict access to your content to only those with a valid token. You can protect an API from exposing any DRAFT content or disable Mutations.

The ability to filter content is now scoped to the specific Stage you want to query.

Passing in Auth Tokens

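const fetch = require('isomorphic-unfetch')

// Assumption: GRAPHCMS_ENDPOINT is a placeholder name for your project's API URL; both values are read from the environment.
const { GRAPHCMS_ENDPOINT, GRAPHCMS_TOKEN } = process.env

fetch(GRAPHCMS_ENDPOINT, {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${GRAPHCMS_TOKEN}`
  },
  body: JSON.stringify({ query: '{ posts { title } }' }),
})
  .then(res => res.json())
  .then(res => console.log(res))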

APIs that allow Mutation statements must also allow DRAFT access, because the GraphQL specification does not limit what can be queried in the response of a Mutation request.

