Content API

Authentication

All requests to Contento need to be authenticated with two pieces of information: an API token and the site ID you want to interact with.


API Keys

API keys can be generated by you in the Contento admin panel. Go to your account settings, and then select “API Keys” to manage them.

Once you have your key save it somewhere sensible, like in your project’s .env file as you’ll need to authenticate every request you make to the API with that token.

To authenticate a request use a standard Authorization header with a bearer token:

Authorization: Bearer {token}

Site ID

You’ll also need to get the ID of the site you wish to call the API against. Go to the sites list and look for the value in the ID column, then pass that in a custom X-CONTENTO-SITE header:

X-CONTENTO-SITE: {site_id}

Making a basic request

This is how a basic request to our /content/{id} endpoint might look like using cURL:

curl "https://app.contento.io/api/v1/content/Zx6Wy2ejOY" \
     -H 'Authorization: Bearer {token}' \
     -H 'X-CONTENTO-SITE: {site_id}'

And here is a more realistic example using the getStaticProps() method in a Next.js project:

// ...

export async function getStaticProps() {
    const res = await fetch(process.env.CONTENTO_API_URL+'content/Zx6Wy2ejOY', {
        method: 'GET',
        headers: {
            'Content-Type': 'application/json',
            'Authorization': 'Bearer '+process.env.CONTENTO_API_KEY,
            'X-CONTENTO-SITE': process.env.CONTENTO_SITE_ID
        },
    })

    const page = await res.json()
    
    return {
        props: {
            page
        }
    }
}

// ...

Errors

If you omit or send either an expired or wrong API token in the Authorization header you will generate the following error response:

401 Unauthorized

{
  "message":"Unauthenticated."
}

If you omit or send the wrong X-CONTENTO-SITE header or don’t have access to the site ID you are requesting you will generate one of the following error responses:

403 Forbidden

{
  "message": "You must supply the Site ID in the appropriate header."
}
{
  "message": "You are not permitted to access this Site."
}

400 Bad Request

{
  "message": "Invalid Site ID."
}
Previous
Overview