2 months ago
Hello Railway Support,
I'm calling the Public GraphQL endpoint POST https://backboard.railway.com/graphql/v2 using a Personal Access Token (PAT) and getting GraphQL-level authorization errors even though the HTTP request succeeds (status 200). Please inspect the server-side logs for the traceIds below and advise.
Observed responses (examples):
- query { me { id email } } -> {"errors":[{"message":"Not Authorized", ... }], "data": null}
- query { projects { nodes { id name } } } -> {"errors":[{"message":"Problem processing request", ... }]}
TraceIds I observed:
- 7979638363040132837
- 8378851012281323091
- 6260984956777981091
- 6624444507877619265
- 8197356199780581010
- 5817495885322715845
Token identifier:
- PAT prefix (first 8 chars): c8190651
(I will NOT paste the full token here.)
Commands I ran (for your reference):
- bash (curl, forced HTTP/1.1):
printf '%s' '{"query":"query { me { id email } }"}' \
| curl --http1.1 -sS -X POST "https://backboard.railway.com/graphql/v2" \
-H "Authorization: Bearer $RAILWAY_PAT" -H "Content-Type: application/json" -d @- | jq .
- PowerShell:
$headers = @{ Authorization = "Bearer $env:RAILWAY_PAT"; 'Content-Type'='application/json' }
$body = '{"query":"query { me { id email } }"}'
Invoke-RestMethod -Uri 'https://backboard.railway.com/graphql/v2' -Method Post -Headers $headers -Body $body
Notes:
- The HTTP layer returns 200 but the GraphQL response body contains the errors shown above (i.e., request reached GraphQL and was evaluated).
- I created this as a Personal Access Token (PAT) and tested it immediately after creation. The token prefix above is from that token.
- Please confirm:
1) Whether this token is missing any required scope(s) for the me and projects queries, and which exact scopes are required.
2) Whether the PAT needs to belong to a workspace member (and how to confirm membership via API or console).
3) What the backend log shows for the traceIds above (root cause / fix).
4) Whether there are any token type restrictions (e.g., project-scoped vs workspace PAT) that would cause these errors.
If you need timestamps, I ran these tests on 2025-09-26 (UTC) — I can provide exact timestamps if that helps. Also tell me if you need the first 8 chars of any other token or the request headers/requests verbatim (I can provide them without the full token).
2 Replies
2 months ago
Hey there! We've found the following might help you get unblocked faster:
If you find the answer from one of these, please let us know by solving the thread!
2 months ago
This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.
Status changed to Open brody • 2 months ago
2 months ago
query { me { id email } } requires personal access token iirc, not using your personal access token here is the only reason I can see why it would be returning an authentication error.
query { projects { nodes { id name } } } doesnt seem to be correct syntax, could you try this syntax instead:
workspace (workspaceId: "WORKSPACE ID") {
projects {
edges {
node {
id
name
}
}
}
}To answer your questions:
There are only two scopes, personal access token and workspace access token, from what I know the personal access token is the highest level token and should work with essentially any workspace. The workspace access token is limited to only queries regarding that worksapce. For your first query (me: {id, email}) you'll need a personal access token while for getting projects, either will work
It doesn't have to be workspace scoped, it can be account scoped (personal access token) and then you'll be able to query for any workspace. I don't know if you can get the workspace for the workspace access token
N/A ( I don't work for Railway )
Answer #1 should be able to answer this
Status changed to Solved dev • 2 months ago