Experience GraphQL Summit 2024

API Keys

Use graph and personal API keys to authenticate requests

Every system that communicates with Apollo GraphOS must use an API key to do so. GraphOS Studio enables you to create and manage two types of API keys: graph API keys and personal API keys.

Any system that isn't running as part of your local development setup should always use a graph API key.

Graph API keys

A graph API key provides access to interacting with a single graph in GraphOS.

Create a unique graph API key for each non-development system that communicates with GraphOS. Doing so enables you to revoke access to a single system without affecting others.

How to obtain a graph API key
⚠️ caution
API keys are secret credentials. Never share them outside your organization or commit them to version control. Delete and replace API keys that you believe are compromised.
  1. Go to studio.apollographql.com and click the graph you want to obtain an API key for.
  2. If a Publish your Schema dialog appears, copy the protected value that appears after APOLLO_KEY= in the example code block (it begins with service:), and you're all set.Otherwise, proceed to the next step.
  3. Open your graph's Settings page and select the API Keys tab. Click Create New Key. Give your key a name, such as Production. This helps you keep track of each API key's use.
     note
    If you don't see the API Keys tab, you don't have sufficient permissions for your graph. Only organization members with the Org Admin or Graph Admin role can manage graph API keys. Learn more about member roles.
  4. Copy the key's value. For security, you cannot view an API key's value in Studio after creating it.

Setting permissions

Unless you have an Enterprise plan, every graph API key provides full access to its associated graph.

If you have an Enterprise plan, you can assign a role to each graph API key you create. If you do, the API key's permissions are limited to that role's permissions.

You can't change a graph API key's role after it's created. Instead, create a new key with the desired role.

Personal API keys

A personal API key provides partial access to every graph in every organization you belong to. Specifically, it has the same permissions that your user account has in each of those organizations.

Personal API keys are useful for local development tools (like the Rover CLI and the Apollo VS Code extension) to load schemas and other data from GraphOS.

How to obtain a personal API key
⚠️ caution
Personal API keys are secret credentials. Never share them with others or commit them to version control. Delete and replace API keys that you believe are compromised.
  1. Go to studio.apollographql.com/user-settings.
  2. In the Personal API Key section, click Create New Key. Give your key a name, such as Local development laptop. This helps you keep track of each API key's use.
  3. Copy the key's value. For security, you cannot view an API key's value in Studio after creating it.
Feedback

Forums