The Content Delivery API and Preview API are fully available via SSL. You should request JSON data and assets through a secure transport.
Our client libraries enable SSL by default. Unless there is a reason to disable SSL, you should leave it enabled to ensure maximum privacy for clients.
The Content Management API is only available via SSL, and you must make all requests using the https protocol.
Using SSL ensures that the content and access tokens of a space remain secure and that potential eavesdroppers cannot intercept your data.
Cross-origin resource sharing
CORS is supported by all modern browsers. Learn more about using CORS with this tutorial.
*, or all.
Access-Control-Allow-Headers: A long list of common headers, if you want to know more, read the reference below.
Access-Control-Allow-Methods: HTTP verbs. Typically the request type, plus
Access-Control-Max-Age: This varies depending on endpoint, but is a high value to avoid preflight requests.
Our APIs support conditional GET requests via ETag and
Every API response (both single resources and searches) includes an ETag header. The ETag header changes depending on the content of the response. If a resource is updated or a search result changes, the ETag also changes.
To avoid unnecessary transfers you can set the If-None-Match header of an API request to the ETag previously received for the same API request.
If the content hasn't changed in the meantime the API will respond with a 304 Not Modified response. This makes a difference for large responses and especially binary files.
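The conditional GET flow described above, combined with the HTTPS-only advice from the top of the page, as an added example that is not Contentful's own client code. The class name, the Authorization: Bearer header and the constructed fake_origin responder are assumptions made for illustration.

```python
import io
import urllib.error
import urllib.request
from urllib.parse import urlsplit

class ConditionalClient:
    """Revalidates cached responses with If-None-Match over HTTPS only."""

    def __init__(self, token, opener=urllib.request.urlopen):
        self._token = token
        self._open = opener   # injectable so the flow can be exercised offline
        self._cache = {}      # url -> (etag, body)

    def get(self, url):
        """Return (body, served_from_cache)."""
        # Refuse plaintext transport so the access token is never sent in the clear.
        if urlsplit(url).scheme != "https":
            raise ValueError("refusing non-https URL: " + url)
        # Assumption: the token is sent as an Authorization: Bearer header.
        req = urllib.request.Request(
            url, headers={"Authorization": "Bearer " + self._token})
        cached = self._cache.get(url)
        if cached:
            req.add_header("If-None-Match", cached[0])
        try:
            with self._open(req) as resp:
                body, etag = resp.read(), resp.headers.get("ETag")
        except urllib.error.HTTPError as err:
            # urllib surfaces 304 Not Modified as an HTTPError: reuse the cached body.
            if err.code == 304 and cached:
                return cached[1], True
            raise
        if etag:
            self._cache[url] = (etag, body)
        else:
            self._cache.pop(url, None)  # nothing to revalidate against
        return body, False

class _FakeResponse(io.BytesIO):
    def __init__(self, body, etag):
        super().__init__(body)
        self.headers = {"ETag": etag}

def fake_origin(req):
    """Constructed stand-in for the API: one resource with a fixed ETag."""
    etag, body = '"v1"', b'{"sys": {"id": "constructed"}}'
    # Request.add_header() stores header names via str.capitalize().
    if req.get_header("If-none-match") == etag:
        raise urllib.error.HTTPError(req.full_url, 304, "Not Modified", {}, None)
    return _FakeResponse(body, etag)
```

Pass opener=fake_origin to exercise the flow offline; with the default opener the same class issues real requests.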
All API endpoints support GZip compression to save bandwidth. Please take into account that enabling compression will put more load on your clients' processors.
JSON format details
Contentful represents resources as JSON, encoded in UTF-8. Dates and times are represented as ISO 8601-encoded strings, with system-generated dates represented as UTC.
Allow headers reference
Contentful receives the following headers: