Write Token

The Write Token is a per-project credential that authorizes write operations against the Content Island REST API. While the regular access token (read token) only allows you to retrieve content, the write token lets you create, update and publish content — and manage your project schema (models & enums) — programmatically — perfect for migrations, scripts, integrations and CI/CD workflows.

Note

The write token is a separate token from the read token. They coexist in the same project: keep using the read token for GET requests and use the write token only for POST / PUT calls.

Generating the Write Token

1. Open your project in the Content Island dashboard.
2. Go to the General tab (see Project › General).
3. Click the Generate Write Token button shown next to the regular token.
4. Copy the value with the copy button. You can show/hide it and regenerate it at any time.

Caution

Regenerating the write token invalidates the previous one immediately. Any application or script still using the old value will start receiving 401 Unauthorized until you update it.

Plan availability

The write token is available on the Solo Developer, Team and Enterprise plans. It is not available on the Free plan — the Generate Write Token button will prompt you to upgrade.

How to use it

Send the write token in the standard Authorization header, exactly like the read token:

shell

curl -X POST https://api.contentisland.net/api/1.0/content \
--header 'Authorization: Bearer YOUR_WRITE_TOKEN' \
--header 'Content-Type: application/json' \
--data '{
  "contentType": "post",
  "name": "My first post",
  "content": [
    {
      "language": "en",
      "fields": [
        { "name": "title", "value": "Hello world" },
        { "name": "body",  "value": "This was created via the REST API." }
      ]
    }
  ]
}'

If you call a write endpoint with a read token, the server responds with 403 Forbidden.

What you can do with it

The write token gives access to the following endpoints:

Content

• POST /content — create a new content entry.
• PUT /content/:id — update the value of a field on an existing content entry.
• POST /content/:id/publish — publish a content entry.
• POST /resource/upload — upload an asset (image, video, file) to your project.

Schema (models & enums)

• POST /model/entity — create a new entity model.
• PUT /model/entity/:id — update an existing entity model.
• DELETE /model/entity/:id — delete an entity model.
• POST /model/enum — create a new enum.
• PUT /model/enum/:id — update an existing enum.
• DELETE /model/enum/:id — delete an enum.

If you’re using JavaScript or TypeScript, the Content Island API client exposes these same operations: the content ones as createContent, updateContentFieldValue, publishContent and uploadMedia, and the schema ones as createModel, updateModel, deleteModel, createEnum, updateEnum and deleteEnum.

If you’re using an MCP client (Claude Desktop, Cursor, VS Code, Claude Code, …), the Content Island MCP server exposes these same operations as tools your AI agent can call — including the schema-management tools for models and enums.

Security best practices

Danger

A write token can modify your content. Treat it like any other production secret.

• Never commit it to a Git repository. Use environment variables or a secret manager.
• Never expose it on the client side (browser, mobile app). Write tokens are intended for trusted backends, server-side scripts and CI pipelines.
• Rotate it immediately if you suspect it has been leaked — open the General tab and click the refresh icon next to the write token to regenerate it.
• Prefer scoping different environments (dev, staging, prod) to different projects so a leak in one environment does not compromise the others.