Manage access tokens used for schema publishing, schema checks, app deployment publishes and other actions available via the GraphQL API. For more information, please refer to our access token documentation.
Use the Organization.accessTokens
field for retrieving a paginated list of available access.
query OrganizationAccessTokens($organizationSlug: String!, $after: String) {
organization(reference: { bySelector: { organizationSlug: $organizationSlug } }) {
accessTokens(first: 10, after: $after) {
edges {
node {
id
title
description
createdAt
}
}
pageInfo {
endCursor
hasNextPage
}
}
}
}
Instead of fetching a paginated list, it is also possible to retrieve a single access token by its
id via the Organization.accessToken
field.
query OrganizationAccessTokenById($organizationSlug: String!, $accessTokenId: ID!) {
organization(reference: { bySelector: { organizationSlug: $organizationSlug } }) {
accessToken(id: $accessTokenId) {
id
title
description
createdAt
}
}
}
A list of permissions that are assignable to access tokens can be retrieved via the
Organization.availableOrganizationAccessTokenPermissionGroups
field. It returns a list of all
permission groups and their permissions.
query OrganizationPermissions($organizationSlug: String!) {
organization(reference: { bySelector: { organizationSlug: $organizationSlug } }) {
id
slug
availableOrganizationAccessTokenPermissionGroups {
id
permissions {
id
title
description
}
}
}
}
An access token can be created by using the Mutation.createOrganizationAccessToken
field.
The CreateOrganizationAccessTokenResultOk.privateAccessKey
field in the mutation results contains
the access key that can be used with the Hive CLI or the Hive GraphQL API as an authorization
header.
mutation CreateAccessTokenMutation($input: CreateOrganizationAccessTokenInput!) {
createOrganizationAccessToken(input: $input) {
ok {
privateAccessKey
}
error {
message
details {
title
description
}
}
}
}
Use the CreateOrganizationAccessTokenInput.resources
field to specify on which resources the
permissions should apply. Permissions are inherited by all subresources (organization, project,
target, service, app deployment).
{mode: 'ALL',projects: []}
{mode: 'GRANULAR',projects: [{projectId: '<PROJECT_ID>',targets: {// Grant permissions on all targets within projectmode: 'ALL'}}]}
{mode: 'GRANULAR',projects: [{projectId: '<PROJECT_ID>',targets: {// Grant permissions on a single targets within projectmode: 'GRANULAR',targets: [{targetId: '<TARGET_ID>',// Grant permissions on a all services within targetservices: { mode: 'ALL' },// Grant permissions on a all app deployments within targetappDeployments: { mode: 'ALL' }}]}}]}
A access token can be deleted by using the Mutation.deleteOrganizationAccessToken
field.
mutation CreateAccessTokenMutation($input: CreateOrganizationAccessTokenInput!) {
deleteOrganizationAccessToken(input: $input) {
ok {
deletedOrganizationAccessTokenId
}
error {
message
}
}
}