Content API manager

You must be a system administrator or higher to manage content API access across your Matrix instance.

The content API manager is a management asset that lets you create API token assets. These token assets provide read-only API access to root nodes in your Matrix system, based on the user account and root node you select for each token.

All API tokens are managed through the content API manager, which you can access through System Management  Content API Manager. You create tokens beneath this management asset and link the tokens to other root asset nodes you want to access using headless mode.

As a system administrator, you can control what parts of the asset tree a content API can access, and what permission restrictions each content API should inherit based on the user profile selected.

API token field reference

The following fields let you configure what access the API has to your site.


Lets you enable or disable this token. If you disable the token, any integrations you have set up using this token will be unavailable.

Requests sent while the token is disabled return a HTTP 401 Unauthorized error when returned in an API request.


The name of the asset displayed in the asset tree. You set this name when you create the token asset.

You can change the name without affecting access to the API endpoint: the asset name is purely to help you locate it in the asset tree.


The API token you use in requests for this content API integration. The token is a unique value, and can not be changed.


Select the user to base the permissions of the token against. You can choose any user account type to base the permissions on, depending on the requirements of your API integration.

If you do not select a user, the API returns an HTTP 401 Unauthorized error.

You can also set Root node restrictions to explicitly control what parts of your site are accessible to the API endpoint, in addition to inherited user permissions.

Root node restrictions

Select the root node (or nodes) you want to explicitly grant access to through the API integration, in line with the inherited permissions of the selected user.

If you do not set root node restrictions, the permissions of the selected User determine what assets and resources are available through the API.

Requesting a resource that is not under a restricted root node results in an HTTP 403 Forbidden response being returned.

How to create a Content API token

Tokens can be restricted to assets that are either root nodes, or children of root nodes.

Matrix permissions based on the assigned token user are applied if root node access restrictions are not set against a token.

  1. Right-click on the Content API Manager and select New child  Content API Token.

  2. Set a name for the token and click Save.

  3. In the User field, select a user profile that provides the minimum access level required for the API.

  4. In the Root node restrictions field, use the asset picker to select one or more root-node assets to apply the access token to.

  5. Click Enabled to set the token to active.

  6. Click Save.

  7. Release the asset locks.

The token asset now has a Token assigned to it. You use this token in an API request to retrieve information from the assets you selected and granted access to.

API reference

The content API is a read-only (GET) interface: it can not update information stored in Matrix.

Base URL

The base URL for all content API endpoints you create is /__api/.

For example, if your site URL was the base URL translates to


The content API uses Authorization Bearer Tokens for authentication. Session-based authentication is not supported.

A token must be sent in a request to the API using an Authorization: Bearer statement.

Authorization: Bearer abcd1234

The “Bearer” statement keyword is case sensitive. For more information about this statement type, refer to the IETF RFC6750.

A randomly-generated unique token value is assigned to the token when the content API token asset is created. The token value cannot be changed once it is created.

Error responses

An HTTP 401 Unauthorised response containing a WWW-Authenticate header is returned under the following conditions:

  • The header is malformed.

  • The token is invalid because of the following reasons:

    • The asset is disabled or moved into the Trash.

    • A user has not been configured against the token.

  • An HTTP 403 Forbidden response is returned under the following conditions:

    • The user that is configured against the token does not have valid permissions to the requested asset.

    • The request is trying to access an asset that is not under an assigned root asset.

  • An HTTP 404 Not Found response is returned under the following conditions:

    • The requested endpoint does not exist.

    • The requested asset does not exist.

  • A 405 Method Not Allowed response is returned when anything other than a GET method verb is used in a request payload.

API reference documentation

Endpoint documentation is available from the Content API Manager  Documentation menu within your Matrix instance. This embedded documentation is version-specific. It describes the capabilities of each method offered by the API based on the version you have installed.

If you want to keep the documentation open after you click away from the Content API manager, click Open in New Window to detach the documentation into a separate browser tab.

Download the specification

You can download the full API specification in OpenAPI v3 format by clicking Download within the reference documentation.

© 2015- Squiz Pty Ltd