Some APIs require API keys. API keys are similar to physical keys. You use them to get access to things.
With Kontent.ai, you can use multiple API keys to gain access to your projects. Learn to choose the right ones for your purpose.
What API keys are there in Kontent.ai?
To follow the principle of least privilege, Kontent.ai offers multiple types of API keys for different use cases. This allows you to manage and read content independently without any security impact.
Get familiar with the available API keys and their purpose in the following diagram.
Which API key to choose?
There are several types of API keys to choose from. The choice of the right one depends on what you need to accomplish.
| Criteria | Delivery API key | Management API key | Personal API key | Subscription API key |
| --- | --- | --- | --- | --- |
| Create multiple API keys | Yes | Yes | No (one per user per project) | No (one per subscription admin) |
| Integrations-friendly | Yes (read-only integrations) | Yes | Yes (limited to the owner’s permissions) | Yes (subscription-level integrations) |
| Limit permissions | No | Yes | Same as owner | Same as owner |
| Limit environments | Yes | Yes | Same as owner | Same as owner |
| Preview content | Yes (if configured for preview) | No | No | No |
| Production-friendly | Yes | Yes (with appropriate permissions) | No | Yes (for subscription-wide operations) |
| Shareable with other Kontent.ai users | Yes | Yes | No | No |
| Static permissions | Yes | Yes | No (dynamic) | No (dynamic) |
You can use this table as a quick reference.
The key to managing your content
Kontent.ai provides three types of API keys that you can use for content management via API. Each type of API key provides a different level of access to your content and project.
Let’s go through them one by one to understand the differences.
Get content with Delivery API keys
While you can use Management API to read content from your projects, Delivery API is faster for content delivery scenarios and scales better. And there’s just a single type of API key!
Delivery API keys provide read access to your published content, the latest unpublished content, or both. This depends on how you set up your Delivery API key.
Create as many Delivery API keys as you need. Using multiple Delivery API keys is important to manage your live and preview environments separately. It also helps avoid outages during API key rotation.
API keys aren’t forever
Every first-party and third-party integration has unique security and maintenance requirements. That’s why all user-managed API keys have configurable expiration dates to best fit your needs.
The API key expiration is limited to satisfy common security practices and avoid access that never expires.
For Delivery API keys, the default is 12 months, with the maximum expiration time of 5 years.
For Management API-capable API keys, the default is 6 months, with the maximum expiration time of 2 years.
Apart from the access token created during sign-in, all the API keys are user-managed.
Management API keys provide a static set of customizable permissions. This means you can choose what resources can be accessed with the API key. For example, you can limit your Management API key to only allow read access to content items. Once the API key is set up, it allows access based on its permissions until the API key expires.
You can have as many Management API keys as you need. We recommend creating unique Management API keys for each integration and environment so that each API key has only the least permissions necessary and not more.
Personal API keys provide a dynamic set of inherited permissions. In other words, the API key has the same permissions as its owner. This means the permissions provided by a Personal API key can change in the future based on the role and access level the API key owner has. Due to Personal API keys being tied to their owner’s permissions, we don’t recommend them for production. You cannot easily limit Personal API keys to the resources you need for a specific scenario.
However, they’re fine if you need to test things out in non-production environments.
Subscription API keys are like a more powerful brother of Personal API keys. They also inherit the permissions of their owners, but the owners are subscription admins who can access any project under a subscription.
A Subscription API key allows access to the resources available through Management API and Subscription API. This key is your choice if you need to work with users via API. For other API tasks, it’s safer to use a more limited Management API key.
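The following is an added example, not Kontent.ai code: an audit over a team's own key inventory that applies the rules above (maximum lifetimes, no Personal API keys in production, and an overlapping replacement key before expiry so rotation causes no outage). The `KeyRecord` layout, the 30-day rotation window, the sample data, and treating Personal and Subscription keys as "Management API-capable" are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Maximum lifetimes from this page; a year is counted as 366 days so leap
# years never cause a false positive. Assumption: personal and subscription
# keys fall under the "Management API-capable" limit.
YEAR = timedelta(days=366)
MAX_LIFETIME = {"delivery": 5 * YEAR, "management": 2 * YEAR,
                "personal": 2 * YEAR, "subscription": 2 * YEAR}

@dataclass
class KeyRecord:  # hypothetical inventory row, not a Kontent.ai API object
    name: str
    kind: str         # delivery | management | personal | subscription
    integration: str  # the consumer that holds the key
    environment: str
    created: date
    expires: date

def audit(keys, today, window=timedelta(days=30)):
    """Return sorted (key name, finding) pairs for an API key inventory."""
    findings = []
    for k in keys:
        if k.expires - k.created > MAX_LIFETIME[k.kind]:
            findings.append((k.name, "lifetime exceeds maximum for key type"))
        if k.kind == "personal" and k.environment == "production":
            findings.append((k.name, "personal key in production"))
        if k.expires <= today:
            findings.append((k.name, "expired"))
        elif k.expires - today <= window:
            # Outage-free rotation needs a second key of the same type for the
            # same consumer that stays valid past the rotation window.
            covered = any(
                o is not k and o.kind == k.kind and o.expires - today > window
                and (o.integration, o.environment) == (k.integration, k.environment)
                for o in keys)
            if not covered:
                findings.append((k.name, "expires soon, no overlapping replacement"))
    return sorted(findings)

# Constructed sample inventory: names and dates are made up for illustration.
TODAY = date(2025, 6, 1)
SAMPLE = [
    KeyRecord("web-live-a", "delivery", "website", "production", date(2024, 6, 20), date(2025, 6, 20)),
    KeyRecord("web-live-b", "delivery", "website", "production", date(2025, 5, 20), date(2026, 5, 20)),
    KeyRecord("web-preview", "delivery", "website", "staging", date(2024, 6, 10), date(2025, 6, 10)),
    KeyRecord("importer", "management", "import-job", "production", date(2023, 1, 1), date(2026, 1, 1)),
    KeyRecord("jane-personal", "personal", "search-sync", "production", date(2025, 1, 10), date(2025, 7, 10)),
]
```

In the sample, `web-live-a` expires within the window but raises no finding because `web-live-b` already covers the same integration and environment.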