Access tokens

This set of endpoints allows you to manage CMA tokens (Personal access tokens, CLI tokens, OAuth application tokens). These tokens provide you with access to the Content Management API (CMA) and are an alternative means of authentication to our existing OAuth 2.0 flow.

A CMA token inherits the same access rights as your Contentful account. In other words, if you have access to multiple spaces and organizations, your token will too.

Access tokens collection

Create a Personal access token

This endpoint allows you to create a Personal Access Token. When creating a token, you must specify at least one scope, which is used to limit the token's access. The following scopes are supported:

  • content_management_read - Read-only access
  • content_management_manage - Read and write access

Since content_management_manage allows you to read and write, specifying

"scopes": ["content_management_manage"]

is equivalent to:

"scopes": ["content_management_read", "content_management_manage"]

expiresIn – Time-to-live (TTL) of the token expressed in seconds. This is an optional field. If the field isn’t passed, then TTL is not set. Therefore, the token will not auto-expire.

This is the only time the token attribute, which contains your access token for the Content Management API, is displayed. Make sure you copy it and keep it in a safe place (e.g. outside of your source code repository, in an environment variable on your server, …)

Get all access tokens

This endpoint will return all active CMA tokens, including revoked tokens. The possible types of tokens are PersonalAccessToken, CLIToken and OAuthApplication.

The following table contains all the filters (query params) available for this endpoint:

| Filter | Description |
| --- | --- |
| sys.type[in] | Filter tokens to those matching the comma-separated list of types (e.g. sys.type[in]=PersonalAccessToken,CLIToken,OAuthApplication) |
| sys.expiresAt[gt] | Filter tokens by expiresAt date greater than the provided value in ISO 8601 format (e.g. sys.expiresAt[gt]=2023-08-17T09:00:00) |
| sys.expiresAt[lt] | Filter tokens by expiresAt date less than the provided value in ISO 8601 format (e.g. sys.expiresAt[lt]=2023-08-17T09:00:00) |
| sys.expiresAt=NULL | Filter tokens whose expiresAt date is null; returns all tokens without an expiration date. Also works with an omitted value, for example ?sys.expiresAt |
| sys.revokedAt[gt] | Filter tokens by revokedAt date greater than the provided value in ISO 8601 format (e.g. sys.revokedAt[gt]=2023-08-17T09:00:00) |
| sys.revokedAt[lt] | Filter tokens by revokedAt date less than the provided value in ISO 8601 format (e.g. sys.revokedAt[lt]=2023-08-17T09:00:00) |
| sys.revokedAt=NULL | Filter tokens whose revokedAt date is null; returns all tokens without an expiration date. Also works with an omitted value, for example ?sys.revokedAt |
| sys.createdAt[gt] | Filter tokens by createdAt date greater than the provided value in ISO 8601 format (e.g. sys.createdAt[gt]=2023-08-17T09:00:00) |
| sys.createdAt[lt] | Filter tokens by createdAt date less than the provided value in ISO 8601 format (e.g. sys.createdAt[lt]=2023-08-17T09:00:00) |
| sys.lastUsedAt[gt] | Filter tokens by lastUsedAt date greater than the provided value in ISO 8601 format (e.g. sys.lastUsedAt[gt]=2023-08-17T09:00:00) |
| sys.lastUsedAt[lt] | Filter tokens by lastUsedAt date less than the provided value in ISO 8601 format (e.g. sys.lastUsedAt[lt]=2023-08-17T09:00:00) |
| order | Orders the query results. The available options include sys.createdAt, -sys.createdAt, sys.expiresAt and -sys.expiresAt |
| query | Search parameter. Searches by the last 4 characters of the token or by the name of the token (e.g. ?query=token, ?query=bQrU) |

More examples with date range filters:

?sys.expiresAt[gt]=${now_as_iso_date}&revokedAt=null – Returns all active tokens.

?sys.expiresAt[lt]=${now_as_iso_date}&revokedAt=null – Returns all expired tokens.

?revokedAt[lt]=${now_as_iso_date} – Returns all revoked tokens.
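Added example (not part of the Contentful documentation): a small offline audit that builds a query from the filters in the table above and flags live tokens that never expire, carry the content_management_manage scope, or have not been used recently. The response shape (a list of items with sys.id, sys.expiresAt, sys.revokedAt, sys.lastUsedAt and scopes), the function names, the 90-day threshold and the sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

# Constructed "current time" and token listing; not real API output.
NOW = datetime(2023, 8, 17, 9, 0, tzinfo=timezone.utc)
SAMPLE = [
    {"sys": {"id": "tok-a", "expiresAt": None, "revokedAt": None,
             "lastUsedAt": "2023-01-05T10:00:00Z"},
     "scopes": ["content_management_manage"]},
    {"sys": {"id": "tok-b", "expiresAt": "2023-09-01T00:00:00Z", "revokedAt": None,
             "lastUsedAt": "2023-08-16T12:00:00Z"},
     "scopes": ["content_management_read"]},
    {"sys": {"id": "tok-c", "expiresAt": None, "revokedAt": "2023-07-01T00:00:00Z",
             "lastUsedAt": None},
     "scopes": ["content_management_manage"]},
]

def non_expiring_query(types=("PersonalAccessToken", "CLIToken")):
    """Query string selecting unrevoked tokens that have no expiry date."""
    params = {"sys.type[in]": ",".join(types), "sys.expiresAt": "NULL",
              "sys.revokedAt": "NULL", "order": "sys.createdAt"}
    return "?" + urlencode(params, safe="[],")  # keep [in] and commas readable

def _parse(ts):
    """ISO 8601 string -> aware datetime (UTC assumed if no offset); None stays None."""
    if ts is None:
        return None
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def audit(items, now, stale_days=90):
    """Return {token id: [issues]} for tokens that are still usable at `now`."""
    findings = {}
    for tok in items:
        meta = tok["sys"]
        expires = _parse(meta.get("expiresAt"))
        if _parse(meta.get("revokedAt")) or (expires and expires <= now):
            continue  # revoked or expired tokens can no longer authenticate
        issues = []
        if expires is None:
            issues.append("no-expiry")    # created without expiresIn
        if "content_management_manage" in tok.get("scopes", []):
            issues.append("write-scope")  # read and write access
        last = _parse(meta.get("lastUsedAt"))
        if last is None or now - last > timedelta(days=stale_days):
            issues.append("stale")        # unused for longer than the threshold
        if issues:
            findings[meta["id"]] = issues
    return findings
```

Tokens flagged with all three issues are the first candidates for revocation and replacement with a read-scoped token created with expiresIn.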

Access token

Get an access token

This endpoint returns details about an existing CMA token.

Token revoking

Revoke an access token

This endpoint allows you to revoke a CMA token. It will set revokedAt to the timestamp of when the request was received.

This action cannot be undone.

Admin view Access tokens collection

Get all access tokens

The endpoint should return redacted versions of all CMA tokens belonging to the users who are members of the given organization. This access is only available for admins and owners.

| Filter | Description |
| --- | --- |
| sys.type[in] | Filter tokens to those matching the comma-separated list of types (e.g. sys.type[in]=PersonalAccessToken,CLIToken,OAuthApplication) |
| sys.expiresAt[gt] | Filter tokens by expiresAt date greater than the provided value in ISO 8601 format (e.g. sys.expiresAt[gt]=2023-08-17T09:00:00) |
| sys.expiresAt[lt] | Filter tokens by expiresAt date less than the provided value in ISO 8601 format (e.g. sys.expiresAt[lt]=2023-08-17T09:00:00) |
| sys.expiresAt=NULL | Filter tokens whose expiresAt date is null; returns all tokens without an expiration date. Also works with an omitted value, for example ?sys.expiresAt |
| sys.revokedAt[gt] | Filter tokens by revokedAt date greater than the provided value in ISO 8601 format (e.g. sys.revokedAt[gt]=2023-08-17T09:00:00) |
| sys.revokedAt[lt] | Filter tokens by revokedAt date less than the provided value in ISO 8601 format (e.g. sys.revokedAt[lt]=2023-08-17T09:00:00) |
| sys.revokedAt=NULL | Filter tokens whose revokedAt date is null; returns all tokens without an expiration date. Also works with an omitted value, for example ?sys.revokedAt |
| sys.createdAt[gt] | Filter tokens by createdAt date greater than the provided value in ISO 8601 format (e.g. sys.createdAt[gt]=2023-08-17T09:00:00) |
| sys.createdAt[lt] | Filter tokens by createdAt date less than the provided value in ISO 8601 format (e.g. sys.createdAt[lt]=2023-08-17T09:00:00) |
| sys.lastUsedAt[gt] | Filter tokens by lastUsedAt date greater than the provided value in ISO 8601 format (e.g. sys.lastUsedAt[gt]=2023-08-17T09:00:00) |
| sys.lastUsedAt[lt] | Filter tokens by lastUsedAt date less than the provided value in ISO 8601 format (e.g. sys.lastUsedAt[lt]=2023-08-17T09:00:00) |
| order | Orders the query results. The available options include sys.createdAt, -sys.createdAt, sys.expiresAt, -sys.expiresAt, sys.lastUsedAt, -sys.lastUsedAt, sys.user.firstName, -sys.user.firstName, sys.user.lastName, -sys.user.lastName |
| query | Search parameter. Searches by the last 4 characters of the token (e.g. ?query=bQrU) |

More examples with date range filters:

?sys.expiresAt[gt]=${now_as_iso_date}&revokedAt=null – Returns all active tokens.

?sys.expiresAt[lt]=${now_as_iso_date}&revokedAt=null – Returns all expired tokens.

?revokedAt[lt]=${now_as_iso_date} – Returns all revoked tokens.