Webiny Docs home page
WHAT YOU'LL LEARN
  • how to create an API key

In this tutorial, we will learn how to create an API key with custom access permission to the Headless CMS. We will do this in 2 steps:

  • Step 1: Create an API.
  • Step 2: Define access permissions.

As an example, we will create an API with the following access permissions:

  • Permission to view and update a specific content model group.
  • Permission to view, create, update, and delete all content models inside the content model group.
  • Permission to view, create, update, and delete the content entries inside the content models.

Prerequisites
anchor

To follow this tutorial, you need to have a content model group named E-commerce in your Webiny instance. If you don’t have it, please follow the Create Content Model Group tutorial to create it.

Step 1: Create an API
anchor

  1. From the Side Menu, click Settings > ACCESS MANAGEMENT > API Keys.

  2. Click + NEW API KEY.

    ✔️ The form to create a new API key opens.

  3. In the Name textbox, type E-commerce CMG API.

  4. In the Description textbox, type API with full access to E-commerce content model group.

Step 2: Define Access Permissions
anchor

  1. Under the Permissions section, in the Content accordion, click All locales.

  2. Under the Permissions section, click Headless CMS.

    ✔️ The Headless CMS accordion opens.

  3. In the Access Level dropdown, click Custom access.

  4. Under GRAPHQL API TYPES, select all the three checkboxes - Read, Manage, and Preview.

  5. Under the CONTENT MODEL GROUPS section:

    a. In the Access Scope dropdown, click Only specific groups.

    ✔️ A list of content model groups in the current locale appears.

    b. Select the E-Commerce checkbox.

    c. In the Primary Actions dropdown, click Read, write.

  6. Under the CONTENT MODELS section:

    a. In the Access Scope dropdown, click All models.

    b. In the Primary Actions dropdown, click Read, write, delete.

  7. Under the CONTENT ENTRIES section:

    a. In the Access Scope dropdown, click All entries.

    b. In the Primary Actions dropdown, click Read, write, delete.

  8. Under PUBLISHING ACTIONS, select Publish and Unpublish checkboxes.

  9. Click SAVE API KEY.

    ✔️ The message “API key saved successfully.” displays.

    ✔️ The API key is generated and is visible in the Token text field.