Some APIs require API keys. API keys are similar to physical keys. You use them to get access to things.With Kontent.ai, you can use multiple API keys to gain access to your projects. Learn to choose the right ones for your purpose.
To follow the principle of least privilege, Kontent.ai offers multiple types of API keys for different use cases. This allows you to manage and read content independently without any security impact.Get familiar with the available API keys and their purpose in the following diagram.
There are several types of API keys to choose from. The choice of the right one depends on what you need to accomplish.
Criteria
Delivery API key
Management API key
Personal API key
Subscription API key
Create multiple API keys
Yes
Yes
No (one per user per project)
No (one per subscription admin)
Integrations-friendly
Yes (read-only integrations)
Yes
Yes (limited to the owner’s permissions)
Yes (subscription-level integrations)
You can use this table as a quick reference.
Kontent.ai provides three types of API keys that you can use for content management via API. Each type of API key provides a different level of access to your content and project.
Let’s go through them one by one to understand the differences.
While you can use Management API to read content from your projects, Delivery API is faster for content delivery scenarios and scales better. And there’s just a single type of API key!
Delivery API keys provide read access to your published content, the latest unpublished content, or both. This depends on how you set up your Delivery API key.
Create as many Delivery API keys as you need. Using multiple Delivery API keys is important to manage your live and preview environments separately. It also helps avoid outages during API key rotation.
Every first-party and third-party integration has unique security and maintenance requirements. That’s why all user-managed API keys have configurable expiration dates to best fit your needs.The API key expiration is limited to satisfy common security practices and avoid access that never expires.
For Delivery API keys, the default is 12 months, with the maximum expiration time of 5 years.
For Management API-capable API keys, the default is 6 months, with the maximum expiration time of 2 years.
Management API keys provide a static set of customizable permissions. This means you can choose what resources can be accessed with the API key. For example, you can limit your Management API key to only allow read access to content items. Once the API key is set up, it allows access based on its permissions until the API key expires.You can have as many Management API keys as you need. We recommend creating unique Management API keys for each integration and environment so that each API key has only the least permissions necessary and not more.
Personal API keys provide a dynamic set of inherited permissions. In other words, the API key has the same permissions as its owner. This means the permissions provided by a Personal API key can change in the future based on the role and access level the API key owner has. Due to Personal API keys being tied to their owner’s permissions, we don’t recommend them for production. You cannot easily limit Personal API keys to the resources you need for a specific scenario.However, they’re fine if you need to test things out in non-production environments.
Subscription API keys are like a more powerful brother of Personal API keys. They also inherit the permissions of their owners, but the owners are subscription admins who can access any project under a subscription.A Subscription API key allows access to the resources available through Management API and Subscription API. This key is your choice if you need to work with users via API. For other API tasks, it’s safer to use a more limited Management API key.
Sign in with your Kontent.ai credentials or sign up for free to unlock the full lesson, track your progress, and access exclusive expert insights and tips!
Jan Cerman, Daniel Filakovsky
5 minutes
Security / API
, Kontent.ai offers multiple types of API keys for different use cases. This allows you to manage and read content independently without any security impact.
Get familiar with the available API keys and their purpose in the following diagram.
