Hello, I have been connecting to my graph instance using TigerGraphConnection without an API token. I have been able to upsert/run gsql. I am wondering why the API token and secret are used by most of the demos I see.

I understand there is the added role-based authentification (i.e., a different secret per user/graph pair). Are there any other restrictions/benefits?

And follow up question… Would we need a unique username/password for every user (or role) in order to implement the “secret” framework?

Hi, @emackie the benefit of adding authentication credentials is to provide more security around your solution.

For instance, if you had a person on your team that is a “Data Scientist” you might only grant them permission to read and write queries but cannot do anything else.

You can either use the pre-existing roles that come with TigerGraph or create your own custom roles. Next what you would do is grant those permissions to a particular user for a particular graph. The last step would then be generating a secret and a token they could use.

A rule of thumb is to always provide users (even yourself) with the least amount of permission possible to accomplish the task at hand.

Secret Framework – Most corporations have an Identity System that uses Single Sign-On (Docs attached here) what you would do is link the groups from your Identity System to your TigerGraph security group. The docs link above walks through those steps pretty thoroughly.