Skip to Content
DocumentationManagementAccess Tokens

Access Tokens

Access Tokens in GraphQL Hive are secure credentials used to authenticate API requests and automate actions without using personal login details.

With Access Tokens, you can perform tasks such as:

  • Publish schemas etc. with the Hive CLI
  • Report usage data (SDK or HTTP)
  • (Soon) Access the public Hive Console GraphQL API for managing resources and export data

Access Tokens in GraphQL Hive support granular permission scopes, allowing you to define exactly what actions a token is allowed to perform and on which resources (project, target, service or app deployment). This helps enforce the principle of least privilege, ensuring tokens only have the access they need - and nothing more.

For example, a CI pipeline that publishes schemas only needs the “Publish Service” scope. There’s no need to grant more permissions.

⚠️

Important: Treat access tokens like passwords. Keep them secret and revoke them immediately if compromised. Monitor token usage regularly and revoke unused tokens to maintain security.

Create an Access Token

Ensure sufficient permissions

To create an Access Token in GraphQL Hive, you must have the Manage Access Token permission at the organization level. Tokens are created at the organization level and can be managed (created or deleted) by any user with sufficient permissions.

Organization Access Tokens Section

Go to the Settings tab of your organization and open the Access Tokens section.

Create access token button

Click Create new access token.

Enter General Information

Enter general access token information

Provide a clear title and description to help your team understand the token’s purpose.

Confirm your selection by clicking Next.

Select Permission Scopes

Select permission scopes for the access token

Choose the permissions the token should have.

💡

Tip: Follow the principle of least privilege by only selecting the scopes necessary for the token’s purpose.

Confirm your selection by clicking Next.

Select Resources

Decide if the token should have access to:

  • All resources in the organization, or
  • Only specific projects/targets/services/apps.
Select resources for the access token

Confirm your selection by clicking Next.

Review and Create

Carefully review all the details—title, description, scopes, and resource assignments.

Confirm permissions and scopes on the access token

When you’re ready, click Create Access Token.

Save your Token

After creation, your access token key will be displayed once.

  • Copy the token and store it securely (for example, in a secrets manager).
  • You won’t be able to view it again.
  • Use this token to authenticate with Hive’s CLI or API.
  • Never share your token and immediately revoke it if it becomes compromised.
Confirm permissions and scopes on the access token

Deleting Access Tokens

Within the Access Token overview, click the three dots icon for opening the context menu.

Open the actions for the access token by pressing the three dot icon on the end of the row.

Within that menu, click the Delete menu item.

Delete the access token by selection the delete action in the menu.

Confirm the deletion within the dialog.

Confirm the deletion within the dialogue.

Updating Access Tokens

Updating access tokens is currently not possible. Please instead create a new access token with updated permissions, replace the usages of the old access token and then delete the old access token.

Last updated on
Members, Roles, and PermissionsSingle Sign On (Okta, Entra ID)