Refresh to a per user GraphQL token

Learn how to switch from a per-tenant GraphQL token to per-user tokens

Written by Chris Ramlow
Updated over a week ago

A per-user token system adds an extra layer of security: each tenant has multiple unique tokens, and each Admin user has their own. This is far more secure than a per-tenant token system because, when a user's account is removed from the platform, their token access also terminates, and this does not remove access for every other valid user on the tenant.

The per-user token also helps the auditing process, as we can now identify the owner of the token and quickly pinpoint potential issues.

Lastly, with the shared tenant-based token, someone else may invalidate it and break everyone's access. By switching to your own user-based token, no one in your organization can invalidate it.

To set up a per-user token, either click to edit your user profile from the drop-down menu at the top right of any page when logged into the platform,

or, as an Admin, get there from this location within global system settings, which requires an Admin role: /a/system-settings/development/#general

Clicking the Access here button will take you to your Editing Profile Additional Information page (only Admin users will see the GraphQL ) where a token can be securely generated. This token is unique to your user account. Clicking the refresh button will generate a new token and also invalidate the previous user token. It will not invalidate the tenant-based token when any user switches to a user-based token.

Note that non-Admin role users will not see or have this option in their profile.
