Authentication Tokens
Content Publisher uses secret tokens to authenticate API calls. If an API request is made with an invalid or revoked token, Content Publisher returns an error.
Content Publisher uses two types of authentication tokens:
Management Tokens allow you to perform administrative tasks like creating collections and adjusting admin roles. Use these tokens with the Content Publisher REST API for actions related to sites, tokens, and users.
Access Tokens enable a website or an app to retrieve and search content through Content Publisher's delivery API (GraphQL). You can create an access token to access either a specific collection or all the collections for which you are an administrator or collection manager.
You can manage tokens from the Content Publisher administration interface settings.
The interface allows you to:
- Create new tokens (tokens are named upon creation, and you can add a description)
- Access the list of tokens created for your account
- Delete tokens (the equivalent of revoking them)
You can also manage tokens from the CLI.
For security reasons, each token is displayed only once: you can see and copy it immediately after creating it. After that, storing, sharing and accessing these tokens is your own responsibility. We recommend using a secure secrets management tool.
If you lose access to a token, you can simply create a new one.