For applications, where you don't identify and authenticate individual users, you can use an API key. These API keys are in fact an identity (without a person) with permanent access token. So you can later manage memberships of users and API keys using the same API.
This mutations returns 3 identifiers, which may be relevant for you:
- API key ID: using this ID you can later call a
disableApiKeyand invalidate this API key
- identity ID: which you use to modify API key memberships and permissions
- token: which is a bearer token, which you use in all GraphQL requests
There is also a interactive CLI command for creating an API key. Run
and follow the instructions
You need an API key ID to disable it. Do not confuse this id with identity id!