Permission Scope

The Public API Permissions control outside access to your projects GraphQL endpoint. You can think of these permissions as global access permissions.

It's recommended you create individual permanent auth tokens for services that need to query or mutate your project content for more granular control over who accesses your data.

Available Scopes


Restricts access to queries and mutations, but permits introspection. Queries and mutations will return a Not Authorized when this is selected. This is the default scope.


Permits queries, but mutations will return Not Authorized.


Permits mutations, but queries will return Not Authorized.


Permits queries and mutations.

OPEN will expose your entire API endpoint. If you need to use the OPEN, it's recommended you use filters to limit the access to the data.


You can specify filters for your selected API scope. These filters apply to all content models, and can allow you to only expose content that have a status set to PUBLISHED.