Read-only GraphQL Tokens

When developing a CLI utility for build notifications I opted to use the REST API. I would have preferred to use the GraphQL API, but the lack of access control made me nervous. Are there any plans to support read-only GraphQL tokens, at a minimum?

Absolutely, we have plans to make GraphQL permissions more granular in the future for just these sorts of scenarios, but I can’t say when it’ll happen sorry.

Building on the REST API sounds sensible for now, and we’ll definitely make noise in the Changelog and elsewhere when it lands.