Grafbase is a platform that accelerates the development of GraphQL APIs, offering features like edge caching, unified data access, and seamless integration with popular authentication strategies.
Grafbase is a platform that accelerates the development of GraphQL APIs, offering features like edge caching, unified data access, and seamless integration with popular authentication strategies. On Nagent, Grafbase is exposed as a fully-configurable developer tools integration that any agent can call — 28 actions, and API key authentication. No code is required to wire Grafbase into your workflow — connect it once via the External Integrations panel and reuse it across every agent you build.
Agent builders use Grafbase to automate the kinds of tasks developer tools teams previously handled manually. Concrete examples — each one is a single agent step in Nagent — include:
Every action and trigger is paired with a structured input/output schema (visible in the sections below), so when you wire Grafbase into Helix — our agentic agent builder — the editor knows exactly what each step expects and produces. Configure once, deploy anywhere across your Nagent agents.
Every operation an agent can call against Grafbase, with input parameters and output schema. Drop these into any step of an agent built in Helix.
GRAFBASE_ADD_ZITADEL_REDIRECTAdd a redirect URI to Zitadel OAuth configuration in Grafbase. Use when you need to register a new redirect URI for OAuth flows with Zitadel identity provider.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_ASSIGN_TEAM_ROLETool to assign a role to a team member in Grafbase. Use this when you need to change a team member's role between MEMBER and ADMIN. ADMIN role grants team management privileges including adding/removing members and changing roles.
Input parameters
Role to assign to the team member. MEMBER grants standard access, ADMIN grants administrative privileges including team management.
Unique identifier of the team. Must be a valid Grafbase team ID.
Unique identifier of the member to assign the role to. Must be a valid Grafbase user ID.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_DELETE_API_KEYDelete an existing Grafbase API key (access token) by ID. Use after confirming the key ID via the List API Keys action. This action permanently revokes the API key's access.
Input parameters
The unique identifier of the Grafbase API key (access token) to delete. Obtain this ID by first listing API keys using the List API Keys action.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_DELETE_AUDIT_LOGTool to delete a specific Grafbase audit log entry. IMPORTANT: Grafbase does not expose a public API to delete audit logs. Audit logs are read-only compliance records retained for 90 days and can only be exported as CSV from the Grafbase Dashboard. This action validates connectivity to the Grafbase API and returns an informative response about this limitation.
Input parameters
The unique identifier of the audit log entry to delete. Note: Grafbase audit logs cannot be deleted via API - they are retained for 90 days and only exportable via CSV from the dashboard.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_DELETE_EXTENSIONTool to delete a Grafbase extension configuration by its unique ID. Note: Grafbase extensions are primarily configured via grafbase.toml configuration file and WebAssembly modules, not through a REST API. This action attempts to delete via the API endpoint if it exists; otherwise, it returns guidance on how to remove extensions via configuration. Use this action when you need to programmatically attempt to remove an extension configuration, understanding that the operation may require manual configuration changes if the API endpoint is not available.
Input parameters
The unique identifier of the extension to delete. Note: Grafbase extensions are typically configured via grafbase.toml, not via REST API. This action attempts to delete via API if supported, otherwise returns guidance.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_DELETE_MCP_SERVERTool to delete a Grafbase MCP server configuration by its unique ID. Note: Grafbase MCP is primarily configured via grafbase.toml configuration file, not through a REST API. This action attempts to delete via the API endpoint if it exists; otherwise, it returns guidance on how to disable MCP via configuration. Use this action when you need to programmatically attempt to remove an MCP server configuration, understanding that the operation may require manual configuration changes if the API endpoint is not available.
Input parameters
The unique identifier of the MCP server configuration to delete. Note: Grafbase MCP is typically configured via grafbase.toml, not via REST API. This action attempts to delete via API if supported, otherwise returns guidance.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_DELETE_SCHEMATool to delete a subgraph from a Grafbase federated graph. Use this when you need to remove a subgraph from the schema registry. The operation can be run as a dry run first to check if deletion would cause composition errors in the federated graph. Required: account_slug, subgraph_name Optional: branch (defaults to 'main'), graph_slug, message, dry_run
Input parameters
The branch name where the subgraph exists (defaults to 'main')
If True, validates the deletion without actually removing the subgraph. Useful for checking composition impact.
Optional message describing the reason for deletion
Optional graph slug if the account has multiple graphs
The organization/account slug that owns the graph (e.g., 'my-organization')
The name of the subgraph to delete from the federated graph
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_DELETE_SCHEMA_CHECKAttempt to delete a schema check from the Grafbase platform. IMPORTANT LIMITATION: The Grafbase Platform API does not support deleting schema checks. Schema checks are immutable audit records that provide a historical trail of schema validations. They cannot be deleted through the API. This action will verify the schema check exists and return an informative response indicating that deletion is not supported by the Grafbase API. If you need to manage schema checks, consider: - Using the 'List Schema Checks' action to view existing checks - Using the 'Get Schema Check' action to retrieve details of a specific check - Schema checks are automatically created via 'grafbase check' CLI command or API
Input parameters
The unique identifier of the schema check. Note: Grafbase does not support deleting schema checks as they are immutable audit records.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_DELETE_TEAMTool to delete a team from the Grafbase organization. Use when removing a team that is no longer needed. This action permanently removes the team and its associated permissions.
Input parameters
The unique identifier of the team to delete. Must be a valid CompositeID format (e.g., 'team_01KFQJ7YT4PSP01A09ACVTR899').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_DISABLE_MCPDisable the Model Context Protocol (MCP) server for a Grafbase project. MCP enables AI agents to query your GraphQL APIs using natural language. Use this action when you need to turn off MCP access to your API. Note: In most Grafbase deployments, MCP is configured via grafbase.toml (setting \[mcp\].enabled = false). This action attempts to disable MCP via API if the endpoint supports it, otherwise returns guidance for configuration-based disabling.
Input parameters
Optional reason for disabling MCP; included in the response message for audit/logging purposes.
If true, simulates the disable action without making changes. The API call is still executed but response indicates dry-run mode.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_ENABLE_MCPEnable the Model Context Protocol (MCP) server on a Grafbase gateway. MCP allows AI tools (like Cursor, Windsurf, VS Code) to explore and query your GraphQL API using natural language. This tool attempts to enable MCP via the gateway API. Note: MCP is typically enabled via gateway configuration (grafbase.toml with \[mcp\].enabled = true). If the API endpoint is not supported or the gateway is unreachable, this tool returns guidance for manual configuration. Use this when you need to activate MCP support on a Grafbase gateway.
Input parameters
Optional reason or context for enabling MCP. Used for logging and message annotation only.
If true, indicates a dry run intent. The API call is still executed but this flag is logged for reference.
Target enabled state (true to enable, false to disable). If not provided, the default enable behavior is used.
Optional custom MCP server URL to configure. If provided, it may be sent in the request body if the endpoint accepts it.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_GET_AUDIT_LOGTool to retrieve a specific Grafbase audit log entry by searching organization activity. Note: Grafbase does not expose a direct API to fetch individual audit log entries by ID. This action queries organization member activity via the GraphQL API and attempts to find a matching entry based on the provided log_id (which can be a timestamp, user ID, or action type). For full audit log access, use the CSV export feature in the Grafbase dashboard (Settings > Audit Logs) which is available to organization owners and admins.
Input parameters
Identifier for the audit log entry to retrieve. Can be a timestamp, user ID, or action type to search for.
Organization slug to scope the audit log search (optional)
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_GET_EXTENSION_BY_NAMETool to retrieve a Grafbase extension by its name. Returns detailed information including the extension's ID, name, versions, and ownership details. Use this when you need to look up an extension by name rather than ID.
Input parameters
The name of the extension to retrieve (e.g., 'postgres', 'auth0', 'stripe')
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_GET_EXTENSION_VERSION_BY_NAME_AND_VERSIONTool to retrieve details of a specific Grafbase extension version by name and version. Use when you need to query information about a particular version of an extension, including its creation date and license.
Input parameters
The semantic version of the extension (e.g., '0.6.1')
The name of the extension (e.g., 'postgres', 'mongodb')
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_GET_FEDERATED_SCHEMARetrieves the composed federated graph schema from Grafbase in SDL format. Use this to inspect the unified schema after all subgraph schemas have been composed. Returns the full GraphQL SDL including all types, queries, mutations, and subscriptions. Requires at least one federated graph with published subgraphs to return a schema.
Input parameters
Branch name to retrieve the federated schema for (defaults to 'main' if not provided)
Slug identifier of the federated graph (e.g., 'my-graph'). If not provided, returns the schema from the first available graph.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_GET_INVITATIONTool to retrieve details about a specific Grafbase invitation by ID. Use when you need to check the status, email, or creation date of an invitation.
Input parameters
The unique identifier of the invitation to retrieve. Uses CompositeID format (e.g., '01KFQJ7YT4PSP01A09ACVTR899').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_GET_NOTIFICATIONS_INBOX_MESSAGESTool to retrieve notifications inbox messages for the authenticated Grafbase user. Returns all notification messages with counts of total and unread notifications. Use when you need to check for new notifications or see notification history.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_GET_SCHEMA_CHECKRetrieve details of a specific schema check by its ID. This tool fetches comprehensive information about a schema validation check, including error details, git commit information, and approval status. Requires account_slug and graph_slug to identify the graph. Use the check_id from list_schema_checks to retrieve specific check details.
Input parameters
The unique ID of the schema check to retrieve. Obtain this from list_schema_checks action.
The slug of the graph within the account (e.g., 'my-graph')
The slug of the Grafbase account/organization (e.g., 'my-org')
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_GET_SUBGRAPH_SCHEMARetrieves the GraphQL SDL schema for a specific subgraph by name. Use GRAFBASE_LIST_SUBGRAPHS first to discover available subgraph names. Returns the full schema definition including types, queries, mutations, and subscriptions.
Input parameters
The unique name of the subgraph to retrieve the schema for. Use GRAFBASE_LIST_SUBGRAPHS to discover available subgraph names first.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_LIST_API_KEYSList all API keys (access tokens) for the authenticated Grafbase user. Uses the Grafbase Management API to retrieve access tokens with pagination support.
Input parameters
Number of API keys to return from the end of the list (backward pagination). Max 100.
Cursor for forward pagination. Return items after this cursor.
Number of API keys to return from the beginning of the list (forward pagination). Max 100.
Cursor for backward pagination. Return items before this cursor.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_LIST_AUDIT_LOGSTool to list audit logs for Grafbase organizations. Audit logs track organization member activity including graph management, team operations, access control changes, and configuration updates. Note: Grafbase audit logs are retained for 90 days. Currently, the primary method to access audit logs is via CSV export from the Grafbase dashboard. This action attempts to query organization activity via the GraphQL API and returns available data or an informative response about API limitations.
Input parameters
Pagination cursor to fetch logs after this point
Maximum number of audit log entries to return (default: 50)
Organization slug to filter audit logs (optional, returns logs from all accessible organizations if not specified)
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_LIST_EXTENSIONSTool to list all extensions configured for a Grafbase project. Returns extensions from the project's configuration. Use to discover what extensions are installed in your Grafbase gateway.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_LIST_MCP_SERVERSCheck MCP server configuration status for a Grafbase gateway. Grafbase MCP servers are configured via grafbase.toml files, not through a dynamic API. This tool checks if the MCP endpoint is accessible and provides configuration guidance. Use this tool when you need to: - Check if MCP is enabled on a Grafbase gateway - Get the MCP endpoint URL for a gateway - Understand how to configure MCP for Grafbase
Input parameters
If True, attempts to verify MCP endpoint accessibility. If False, returns configuration guidance without making network requests.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_LIST_SCHEMA_CHECKSList schema checks for a Grafbase graph. This tool retrieves the history of schema validation checks that have been run against a specific graph. Schema checks help detect breaking changes before deploying schema updates. Requires account_slug and graph_slug to identify the target graph. Supports cursor-based pagination using first/after or last/before parameters.
Input parameters
Number of schema checks to return from the end (max 100). Use with 'before' for backward pagination.
Cursor for forward pagination. Pass the 'endCursor' from a previous response.
Number of schema checks to return (max 100). Use with 'after' for pagination.
Cursor for backward pagination. Pass the 'startCursor' from a previous response.
Filter schema checks by branch name (e.g., 'main', 'staging')
The slug of the graph within the account (e.g., 'my-graph')
The slug of the Grafbase account/organization (e.g., 'my-org')
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_LIST_SCHEMASTool to list all schemas in the Grafbase schema registry. In Grafbase, the schema registry tracks published subgraphs in federated graphs. Each schema entry represents a subgraph with its name, endpoint URL, and associated graph/branch.
Input parameters
Branch name to filter schemas/subgraphs (defaults to showing all branches if not provided)
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_LIST_SUBGRAPHSTool to list published subgraphs in your Grafbase federated graphs. Use this to discover all subgraphs, their names, and endpoint URLs across your organizations. Optionally filter by branch name (e.g., 'main', 'dev').
Input parameters
Branch name to filter subgraphs (e.g., 'main', 'dev'). If not provided, returns subgraphs from all branches.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_MARK_NOTIFICATIONS_AS_READTool to mark Grafbase notifications as read. Use when you need to update the read status of one or more notifications in your notification inbox.
Input parameters
Array of notification IDs to mark as read. Each ID must be a valid 22-character CompositeID in ULID format (e.g., '01KFQJ7YT4PSP01A09ACVTR899').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
GRAFBASE_REMOVE_GRAPH_OWNERTool to remove an owner from a Grafbase graph. Use when you need to revoke ownership or access rights for a user or team on a specific graph.
Input parameters
The unique identifier of the graph to remove the owner from. This is the graph ID in Grafbase format (e.g., 01KFQJ7YT4PSP01A09ACVTR899).
The unique identifier of the owner (user or team) to remove from the graph. This can be a user ID or team ID in Grafbase format.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
No publicly available marketplace agent is found using this tool yet. There are 83 agents privately built on Nagent that already use Grafbase.
Build on Nagent
Connect Grafbase to any Nagent agent in minutes — no API key management, no boilerplate. Just configure and deploy.
The five questions agent builders ask before adopting a new integration.
Open the External Integrations panel inside Nagent (app.nagent.ai/externalIntegration), find Grafbase, and click "Connect Now." You'll authenticate with an API key — Nagent handles credential storage and refresh automatically. Once connected, Grafbase is available to any agent in your workspace.
No. Nagent provides no-code integration for every tool. Once Grafbase is connected, you configure its 28 actions directly in the agent builder UI — no API calls, no boilerplate, no schema management.
Helix — Nagent's agentic agent builder — lets you drop Grafbase steps into any workflow visually. Pick an action (e.g., one of those listed above), fill in the inputs (Helix knows the required vs. optional schema for each parameter), and connect it to upstream/downstream steps. Triggers run as the entry point of an agent, so when a Grafbase event fires, the agent kicks off automatically.
Every Grafbase action and trigger ships with a fully-typed schema — input parameters with name, type, required flag, and description, plus the output payload shape. The schemas are documented in the sections above. Helix uses these schemas to validate your configuration at build time and to type-check the data flowing between steps.
Yes. While Grafbase ships with 28 pre-built developer tools actions, you can layer custom logic around them inside Helix — pre/post-processing steps, conditional branches, retries, or stitching Grafbase together with other connected tools. For deeper customization, talk to our team about Nagent's Agentic AI Lab — forward-deployed engineers who build Grafbase-based workflows tailored to your business.