    Authentication and permissions

    To communicate with the GraphQL server, you'll need an API token. To start, you can find your read-only API token in the Settings > API tokens section of your administrative area.

    Regardless of which API token you use, make sure that the "Access the Content Delivery API" or "Access the Content Delivery API in Preview Mode" flag is enabled; otherwise, the API token will not be able to make calls to the CDA.

    Restricting access

    If you want to restrict GraphQL access to a selection of your models, you can generate a custom API token and assign it a custom role.

    If an API token can only access specific models, any other field will be completely hidden from the GraphQL schema and response, eliminating any potential information exposure.
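
    One way to verify this hiding for a given custom token, as an added example (not DatoCMS code): it scans the `__schema` object of an introspection response obtained with that token and reports any model type that should be hidden but is still declared or referenced by a field. The sample schema, the `ArticleRecord`, `AuthorRecord` and `InvoiceRecord` type names, and the function names are constructed for illustration.

```python
def ref(kind, name=None, of=None):
    """Build an introspection type reference (helper for the sample data)."""
    return {"kind": kind, "name": name, "ofType": of}


# Constructed sample: a trimmed `__schema` object from a standard GraphQL
# introspection query sent with the restricted token. Type names are hypothetical;
# the token's role was meant to expose articles only, but also grants authors.
SAMPLE_SCHEMA = {"types": [
    {"kind": "OBJECT", "name": "Query", "fields": [
        {"name": "allArticles", "type": ref("NON_NULL", of=ref("LIST", of=ref(
            "NON_NULL", of=ref("OBJECT", "ArticleRecord"))))}]},
    {"kind": "OBJECT", "name": "ArticleRecord", "fields": [
        {"name": "title", "type": ref("SCALAR", "String")},
        {"name": "author", "type": ref("OBJECT", "AuthorRecord")}]},
    {"kind": "OBJECT", "name": "AuthorRecord", "fields": [
        {"name": "name", "type": ref("SCALAR", "String")}]},
    {"kind": "SCALAR", "name": "String", "fields": None},
]}


def named_type(type_ref):
    """Unwrap NON_NULL / LIST wrappers and return the underlying type name."""
    while type_ref.get("ofType"):
        type_ref = type_ref["ofType"]
    return type_ref.get("name")


def find_leaks(schema, must_be_hidden):
    """Return sorted (location, type_name) pairs where a hidden type is visible."""
    hidden = set(must_be_hidden)
    leaks = set()
    for t in schema.get("types", []):
        if t["name"] in hidden:
            leaks.add(("type", t["name"]))  # the type itself is declared
        # Scalars and enums carry `fields: null` in introspection output.
        for field in t.get("fields") or []:
            target = named_type(field["type"])
            if target in hidden:
                leaks.add((f"{t['name']}.{field['name']}", target))
    return sorted(leaks)


if __name__ == "__main__":
    for location, name in find_leaks(SAMPLE_SCHEMA, ["AuthorRecord", "InvoiceRecord"]):
        print(f"LEAK: {name} visible via {location}")
```

    An empty result means none of the listed types appear in the schema the token can see; the check covers object fields only, not arguments or input types.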

    Different behavior on legacy projects

    On projects created before January 8, 2024 — and that have not explicitly activated the "Improved GraphQL Security" update — the behavior will be slightly different: you can read all the details in the related product update.