ServiceAccount
A non-human identity for programmatic API access.
Service accounts let you integrate CI/CD pipelines, scripts, and external tools with the
Massdriver API. They authenticate using access tokens — issue one with createAccessToken
and pass it as a bearer token on API requests.
Permissions — Service accounts have no inherent permissions. Add them to groups to grant
access, using the same role model as human users. A service account in the Admins group
has the same access as a human admin.
Lifecycle:
- Create the service account.
- Add the service account to one or more groups to grant access.
- Issue one or more access tokens for the service account via
createAccessToken. The raw token value is only shown once at creation — store it securely before navigating away. - Delete the service account when it is no longer needed. This immediately revokes all access, including any active access tokens.
type ServiceAccount {
id: ID!
name: String!
description: String
createdAt: DateTime!
updatedAt: DateTime!
}
Fields
ServiceAccount.id ● ID! non-null scalar {#id}
Unique identifier for this service account.
ServiceAccount.name ● String! non-null scalar {#name}
Human-readable name displayed in the UI, logs, and audit trail.
ServiceAccount.description ● String scalar {#description}
Optional text explaining what this service account is used for.
ServiceAccount.createdAt ● DateTime! non-null scalar {#created-at}
When this service account was created (UTC).
ServiceAccount.updatedAt ● DateTime! non-null scalar {#updated-at}
When this service account was last modified (UTC).
Returned By
serviceAccount query
Member Of
ServiceAccountGroupPayload object ● ServiceAccountPayload object ● ServiceAccountsPage object