Authentication
Authentication in the Content Island REST API is done using an access token that must be included in every API request in the Authorization header. This token is used to identify the project and ensure that only authorized users can access the data.
curl https://api.contentisland.net/api/1.0/contents --header 'Authorization: Bearer YOUR_ACCESS_TOKEN'Read token vs Write token
Each project exposes two independent tokens. Both are sent in the Authorization: Bearer <token> header, but they grant different permissions:
| Token type | Header value | Allows | Plan |
|---|---|---|---|
| Read token | Authorization: Bearer READ_TOKEN | GET on /content, /contents, /contents/size, … | All plans |
| Write token | Authorization: Bearer WRITE_TOKEN | POST / PUT on /content (create, update, publish) and POST /resource/upload (file uploads) | Solo and up |
Calling a write endpoint with a read token returns 403 Forbidden.