Every application that sends data to Apollo GraphOS must use an API key to do so. Apollo Studio enables you to create and manage two types of API keys: graph API keys and personal API keys. Every system that isn't running as part of your local development setup should always use a graph API key.
A graph API key provides access to interacting with a single graph in GraphOS.
Create a unique graph API key for each non-development system that communicates with GraphOS. Doing so enables you to revoke access to a single system without affecting others.
API keys are secret credentials. Never share them outside your organization or commit them to version control. Delete and replace API keys that you believe are compromised.
If a "Publish your Schema" dialog appears, copy the protected value that appears after APOLLO_KEY= in the example code block (it begins with service:), and you're all set.
Otherwise, proceed to the next step.
Open your graph's Settings page and select the API Keys tab. Click Create New Key. Give your key a name, such as Production. This helps you keep track of each API key's use.
If you don't see the API Keys tab, you don't have sufficient permissions for your graph. Only organization members with the Org Admin or Graph Admin role can manage graph API keys. Learn more about member roles.
Copy the key's value. For security, you cannot view an API key's value in Studio after creating it.
Unless you have an Enterprise plan, every graph API key provides full access to its associated graph.
If you have an Enterprise plan, you can assign a role to each graph API key you create. If you do, the API key's permissions are limited to that role's permissions.
You can't change a graph API key's role after it's created. Instead, create a new key with the desired role.
A personal API key provides partial access to every graph in every organization you belong to. Specifically, it has the same permissions that your user account has in each of those organizations.
Personal API keys are useful for local development tools (like the Rover CLI and the Apollo VS Code extension) to load schemas and other data from Studio.
Personal API keys are secret credentials. Never share them with others or commit them to version control. Delete and replace API keys that you believe are compromised.
In the Personal API Key section, click Create New Key. Give your key a name, such as Local development laptop. This helps you keep track of each API key's use.
Copy the key's value. For security, you cannot view an API key's value in Studio after creating it.