Structural information (metadata) is backuped daily via a snapshot for all plans starting from Standard. The content databases support point-in-time recovery (PiTR). Point-in-time recovery allows to restore a database into a state it was in any point of time.
Data can also be exported with the GraphCMS Import/Export feature and backed-up manually at any time.
Enterprise plans can also have nightly and offsite backups.
Nightly copies of your content can be sent to your own Amazon S3 buckets. Available in the GraphCMS enterprise plans.
You can set the access rights to your API to either Read, Write, Open, or Protected.
Internal Audit logs allow you to monitor any content schema changes. Advanced audit logs are coming up soon.
GraphCMS offers enterprise-grade service level agreements for availability and support. We offer service uptime guarantees of up to 99.9% uptime. Our support response time can be as low as one hour for critical issues. Reach out to our sales team for details.
Your project will either be hosted on a shared server, or you will be provided with your own dedicated server infrastructure within one of the data-centres we work with.
System tokens can have different grants meant for internal tools e.g. for scripts periodically dumping data into GraphCMS, for connecting a legacy CMS, or for a one-time import/export of large amounts data.
Using a headless CMS means having a content exit strategy in place at all times. As any content can be fetched via the API in a JSON format, you can pull out your data at any time. There is no vendor lock-in with GraphCMS. GraphCMS also provides several content backup options.
Yes, our user authentication system auth0 is able to handle this. Auth0 supports the main industry standards such as SAML, WS-Fed, and OAuth 2.0 (OpenID Connect is based on OAuth 2.0), so you can hook any third-party application that you need.
All endpoints of your projects have an SSL certificate.
You can set your endpoint permissions scope from Public to Protected, Read-only or Write-only (Mutations) in your Project Settings. Using a permanent auth token – also generated in your Settings – allows you to only authorize a specific client to access your Project.