Manage content API tokens
All API tokens are managed through the API manager, which you can access through. You create tokens beneath this management asset and link the tokens to other root asset nodes you want to access using headless mode.
As a system administrator, you can control what parts of the asset tree a content API can access, and what permission restrictions each content API should inherit based on the user profile selected.
The following fields let you configure what access the API has to your site.
Lets you enable or disable this token. If you disable the token, any integrations you have set up using this token will be unavailable.
Requests sent while the token is disabled return a HTTP 401 Unauthorized error when returned in an API request.
The name of the asset displayed in the asset tree. You set this name when you create the token asset.
You can change the name without affecting access to the API endpoint: the asset name is purely to help you locate it in the asset tree.
The API token you use in requests for this content API integration. The token is a unique value, and can not be changed.
Select the user to base the permissions of the token against. You can choose any user account type to base the permissions on, depending on the requirements of your API integration.
If you do not select a user, the API returns an HTTP 401 Unauthorized error.
You can also set Root node restrictions to explicitly control what parts of your site are accessible to the API endpoint, in addition to inherited user permissions.
- Root node restrictions
Select the root node (or nodes) you want to explicitly grant access to through the API integration, in line with the inherited permissions of the selected user.
If you do not set root node restrictions, the permissions of the selected User determine what assets and resources are available through the API.
Requesting a resource that is not under a restricted root node results in an HTTP 403 Forbidden response being returned.
Tokens can be restricted to assets that are either root nodes, or children of root nodes.
Matrix permissions based on the assigned token user are applied if root node access restrictions are not set against a token.
To create a content API token:
Right-click on the Content API Manager and select.
Set a name for the token and select Save.
In the User field, select a user profile that provides the minimum access level required for the API.
In the Root node restrictions field, use the asset picker to select one or more root-node assets to apply the access token to.
Select Enabled to set the token to active.
Release the asset locks.
The token asset now has a Token assigned to it. You use this token in an API request to retrieve information from the assets you selected and granted access to.