Manage content API tokens

All API tokens are managed through the API manager, which you can access through System Management  Content API Manager. You create tokens beneath this management asset and link the tokens to other root asset nodes you want to access using headless mode.

As a system administrator, you can control what parts of the asset tree a content API can access and what permission restrictions each content API should inherit based on the user profile selected.

API token field reference

The following fields let you configure what access the API has to your site.


Allows you to enable or deactivate this token. If you deactivate the token, any integrations you have set up using this token will be unavailable.

Requests sent while the token is deactivated return a HTTP 401 Unauthorized error when returned in an API request.


The name of the asset displayed in the asset tree. You set this name when you create the token asset.

You can change the name without affecting access to the API endpoint: the asset name is purely to help you locate it in the asset tree.


The API token you use in requests for this content API integration. The token is a unique value and can not be changed.


Select the user against which to base the token’s permissions.

Ensure the selected user only has read and not read/write user access permissions.

This deliberate user access level recommendation prevents the API from returning data for unpublished assets and other data accessible to read-write users.

You can also set Root node restrictions to further restrict what parts of your site are accessible to the read-only API endpoint, in addition to the inherited user’s read-only permissions.

You can choose any user account type to base the permissions on, depending on the requirements of your API integration.

The API returns an HTTP 401 Unauthorized error if you do not select a user.

Root node restrictions

Select the root node (or nodes) you want to explicitly grant access to through the API integration, which match the inherited permissions of the selected read-only user.

If you do not set root node restrictions, the read-only permissions of the selected User determine what assets and resources are available through the API.

Requesting a resource not under a restricted root node results in an HTTP 403 Forbidden response being returned.

How to create a content API token

Tokens can be restricted to assets that are either root nodes or children of root nodes.

Content Management Service permissions based on the assigned token user are applied if root node access restrictions are not set against a token.

To create a content API token:

  1. Right-click on the Content API Manager and select New child  Content API Token.

  2. Set a name for the token and select Save.

  3. In the User field, select a user profile that provides the minimum read-only level required for the API.

  4. In the Root node restrictions field, use the asset picker to select one or more root-node assets to scope the access token.

  5. Select Enabled to set the token to active.

  6. Select Save.

  7. Release the asset locks.

The token asset now has a Token assigned to it. You use this token in an API request to retrieve information from the assets you selected and granted access to.