API keys management

For applications, where you don't identify and authenticate individual users, you can use an API key. These API keys are in fact an identity (without a person) with permanent access token. So you can later manage memberships of users and API keys using the same API.

Create API key

Using GraphQL API

mutation {
createApiKey(
projectSlug: "my-blog",
memberships: [{role: "editor", variables: [{name: "language", values: ["cs"]}]}]
) {
ok
errors {
code
}
result {
apiKey {
id
token
identity {
id
}
}
}
}
}

This mutations returns 3 identifiers, which may be relevant for you:

  • API key ID: using this ID you can later call a disableApiKey and invalidate this API key
  • identity ID: which you use to modify API key memberships and permissions
  • token: which is a bearer token, which you use in all GraphQL requests

Using CLI

There is also a interactive CLI command for creating an API key. Run

npx contember tenant:create-api-key

and follow the instructions

Disable API key

You need an API key ID to disable it. Do not confuse this id with identity id!

mutation {
disableApiKey(id: "fb6658f3-a000-4448-ac9e-0688f1afa3d7") {
ok
}
}