Authorization
From this article, you’ll learn how to get access to the Prepr GraphQL API.
Access tokens
To query environment content using the GraphQL API, you need to have a valid access token. Prepr supports multiple access tokens with different permissions per environment.
During the initial setup of an environment, Prepr automatically generates two unique access tokens — Preview and Production, which are included in the GraphQL endpoint URLs for this environment as shown below:
https://graphql.prepr.io/<YOUR-ACCESS-TOKEN>
You can find the API URLs by navigating in your Prepr environment: Settings → Access tokens.
You can generate a new access token anytime, for example, when adding a new front-end application or upgrading to the latest API version.
Permissions
For each access token you create, you need to determine what kind of content it needs access to. Prepr uses permissions for that.
Permissions allow you to limit a token’s access to your environment content based on content item statuses. For example, the default API endpoints have the following permissions:
-
The Preview token allows retrieving content items in all available statuses, including To do, In progress, Review, Done, and Published.
-
The Production token allows retrieving all published content items.
You can create a new access token anytime and define token permissions according to your specific needs.
You can manage the schema introspection setting per access token. Disable this setting to prevent unauthorized users from accessing your schema, including types, fields, and queries.
Learn more about GraphQL introspection (opens in a new tab).
Was this article helpful?
We’d love to learn from your feedback