Authentication
Grant access to Optimizely Graph resources
Optimizely Graph supports multiple authentication methods, each designed for specific access levels and use cases. Choose the method that matches the audience and trust level of your integration so you grant only the access each caller needs.
The available methods fall into the following access groups:
- Admin access – Provides full access to all Graph resources without restriction.
- Restricted access – Provides scoped access to specific resources based on identity and assigned roles.
  - HMAC with the cg-username and cg-roles headers
  - Basic
  - Bearer (JWT)
- Public access – Provides read-only access to publicly available resources, such as published CMS content.
  - Single key
Best practices
Follow these guidelines to keep credentials safe and reduce the risk of unauthorized access when integrating with Optimizely Graph.
- Use HTTPS in all requests.
- Prefer HMAC or JWT for secured production environments.
- Rotate single keys regularly and treat them as sensitive credentials.
- Never expose secrets or tokens in front-end code unless you use a single key for public content.
