Authentication
Project tokens
Project tokens are API tokens that can make requests on behalf of a project. They are granted permissions, which restrict the type of actions they can perform.
A permission is scoped to a blueprint and an ability. A token will only be able to interact with resources inherited from blueprints you specify. The following abilities are available :
Ability | Description | Use case |
|---|---|---|
View | List & view published resources | Building a production website |
Preview | List & view all resources, including unpublished | Building a development website |
Create | Create new unpublished resources | Managing untrusted user-content, such as comments |
Publish | Create new published resources | Automating creation of trusted content, such as blog posts |
API authentication
Projects tokens are passed to the API as a Bearer token in the Authorization header. For instance, using cURL: