Skip to content

Authentication

As mentioned in the introduction, this system was built with an API-first approach.

All requests made to the management and content delivery endpoints must be authenticated.

There are two ways of authenticating with these APIs.

API tokens

API tokens can be passed via the X-Token header on all requests made to both endpoints.

Creating an API token

From the project landing page, click the New token button.

A new token will be generated and assigned to the project. It can then be used to create authenticated requests to both the management and content delivery APIs.

This token will only be displayed once and will not be retrievable. Take note of it before continuing.

n.b. These tokens provide full access to your content and the structure of your content. Guard them well.

User accounts

The API token approach will be the most common method of authentication with the APIs, however, there is an alternative method.

The management API provides a login method which can be called with a username and password to generate a JWT.

This token can be used in the Authorization: Bearer ... header passed to both endpoints.

A possible use-case for this method of authentication could be building an alternative interface to your data.