As mentioned in the introduction, this system was built with an API-first approach.
There are two ways of authenticating with these APIs.
API tokens can be passed via the
X-Token header on all requests made to both endpoints.
Creating an API token¶
From the project landing page, click the
New token button.
A new token will be generated and assigned to the project. It can then be used to create authenticated requests to both the management and content delivery APIs.
This token will only be displayed once and will not be retrievable. Take note of it before continuing.
n.b. These tokens provide full access to your content and the structure of your content. Guard them well.
The API token approach will be the most common method of authentication with the APIs, however, there is an alternative method.
The management API provides a
login method which can be called with a username and password to generate a JWT.
This token can be used in the
Authorization: Bearer ... header passed to both endpoints.
A possible use-case for this method of authentication could be building an alternative interface to your data.