Authentication

How to authenticate requests to the Contento REST API.

All REST API endpoints under /api/v1/ require authentication via an API key.

API key format

Pass your API key in the Authorization header as a Bearer token:

Authorization: Bearer cnt_<your-key>

Keys are scoped — see Concepts: API Keys for the scope table.

Creating a key

Keys are created in the admin UI under Project → API Keys, or via the API:

POST /api/v1/projects/:id/keys
Authorization: Bearer <admin-key>
Content-Type: application/json

{
  "name": "My integration",
  "scopes": ["read", "write"],
  "expiresAt": "2026-12-31T00:00:00.000Z"
}

The raw key is returned once in the response — store it securely. Contento only stores the hash.

Error responses

Status | Meaning
401 Unauthorized | No token provided or token not found
403 Forbidden | Token found but insufficient scope
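
The sketch below is an added example, not Contento's own code. It shows how a server can verify Bearer keys while storing only their hash, and how the outcomes map to the 401 and 403 statuses listed above. SHA-256, the in-memory store, the shape of the random part after `cnt_`, scope checks by simple membership, and treating an expired key as 401 are all assumptions.

```javascript
// Illustrative sketch only, NOT Contento's implementation.
// Assumptions: SHA-256 hashing, an in-memory Map as the key store,
// a base64url random part after "cnt_", expired keys answered with 401.
const { createHash, randomBytes } = require("node:crypto");

// A fast hash is adequate here because the key is long and random,
// unlike a user-chosen password.
const sha256Hex = (s) => createHash("sha256").update(s).digest("hex");

// hash -> { name, scopes, expiresAt }. The raw key is never stored.
const store = new Map();

// Issue a key: the raw value is returned once; only its hash is kept,
// which is why a lost key cannot be shown again and must be re-created.
function createKey({ name, scopes, expiresAt }) {
  const raw = "cnt_" + randomBytes(32).toString("base64url");
  store.set(sha256Hex(raw), { name, scopes, expiresAt: new Date(expiresAt) });
  return raw;
}

// Map an Authorization header and a required scope to an HTTP status.
function authorize(header, requiredScope, now = new Date()) {
  const m = /^Bearer (cnt_[A-Za-z0-9_-]+)$/.exec(header || "");
  if (!m) return 401;                        // no token provided, or malformed
  const rec = store.get(sha256Hex(m[1]));    // lookup by hash of presented key
  if (!rec) return 401;                      // token not found
  if (rec.expiresAt <= now) return 401;      // assumption: expired acts as not found
  if (!rec.scopes.includes(requiredScope)) return 403; // found, insufficient scope
  return 200;
}

// Constructed sample run, using the request body fields shown earlier.
function demo() {
  const raw = createKey({
    name: "My integration",
    scopes: ["read"],
    expiresAt: "2026-12-31T00:00:00.000Z",
  });
  const now = new Date("2026-01-01T00:00:00.000Z");
  return {
    read: authorize(`Bearer ${raw}`, "read", now),          // 200
    write: authorize(`Bearer ${raw}`, "write", now),        // 403
    missing: authorize(undefined, "read", now),             // 401
    unknown: authorize("Bearer cnt_unknown", "read", now),  // 401
  };
}
```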

Admin UI (session-based)

The admin UI at /admin uses NextAuth v5 with Authentik OIDC. Session cookies are handled automatically — no Bearer token needed when calling the API from the admin UI context.