
Authentication

To authenticate your account when making API requests, include an access token in the Authorization header. There are two types of access tokens in Storyblok:

1. Personal Access Token

A Personal Access Token is obtained from the Storyblok UI and grants access to all spaces associated with your account, including the Management API.

  • It is not tied to a single space but allows actions based on your permissions in all accessible spaces.
  • This token is used without the Bearer keyword in the Authorization header.
  • You can generate or manage personal access tokens in the Storyblok Account settings.

Personal access tokens grant broad access to your account. Never expose them in frontend code or commit them to version control. Always store them securely using environment variables. If exposed, revoke the token immediately and generate a new one.

2. OAuth Access Token

An OAuth Access Token is obtained via the OAuth2 authentication flow and is tied to a single space.

  • It has a time-to-live (TTL) and is used for authenticating third-party apps or integrations.
  • Permissions (scopes) such as read_content and write_content are granted during the OAuth process.
  • This token must be used with the Bearer keyword in the Authorization header.
  • OAuth access tokens only provide access to specific Management API endpoints, which are documented in the Management API Reference.

You can learn more about obtaining an OAuth access token in the Storyblok OAuth2 Authentication Guide.

Authenticating API Requests

To authenticate requests to the Management API, include your access token in the Authorization header.

Using curl: Personal Access Token Example

curl -H "Authorization: YOUR_PERSONAL_ACCESS_TOKEN" https://mapi.storyblok.com/

Using curl: OAuth Access Token Example

curl -H "Authorization: Bearer YOUR_OAUTH_ACCESS_TOKEN" https://mapi.storyblok.com/

Using Storyblok's JavaScript SDK: Personal Access Token Example

const StoryblokClient = require('storyblok-js-client')

const Storyblok = new StoryblokClient({
  oauthToken: 'YOUR_PERSONAL_ACCESS_TOKEN'
})

Using Storyblok's JavaScript SDK: OAuth Access Token Example

const StoryblokClient = require('storyblok-js-client')

const Storyblok = new StoryblokClient({
  oauthToken: 'Bearer YOUR_OAUTH_ACCESS_TOKEN'
})
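
The following is an added example, not part of Storyblok's documentation or SDK. It reads the token from an environment variable, as recommended above, and builds the Authorization value in the correct form for each token type. The variable names STORYBLOK_PERSONAL_TOKEN and STORYBLOK_OAUTH_TOKEN and the helper names are assumptions made for illustration.

```javascript
// Added example: the env var names below are assumptions, not Storyblok conventions.
const PERSONAL_VAR = 'STORYBLOK_PERSONAL_TOKEN'
const OAUTH_VAR = 'STORYBLOK_OAUTH_TOKEN'

// Reject values that are empty or could break the header line (CR/LF, spaces).
function cleanToken(name, raw) {
  const token = raw.trim()
  if (token === '' || /\s/.test(token)) {
    throw new Error(`${name} is empty or contains whitespace`)
  }
  return token
}

// Build the Authorization header value for the Management API.
// Personal access token: sent as-is. OAuth access token: "Bearer <token>".
function authorizationHeader(env = process.env) {
  const personal = env[PERSONAL_VAR]
  const oauth = env[OAUTH_VAR]
  if (personal && oauth) {
    throw new Error(`set only one of ${PERSONAL_VAR} or ${OAUTH_VAR}`)
  }
  if (personal) {
    if (/^bearer\s/i.test(personal.trim())) {
      throw new Error(`${PERSONAL_VAR} must not carry the Bearer keyword`)
    }
    return cleanToken(PERSONAL_VAR, personal)
  }
  if (oauth) {
    // Accept a value stored with or without the prefix; emit exactly one.
    const bare = oauth.trim().replace(/^bearer\s+/i, '')
    return `Bearer ${cleanToken(OAUTH_VAR, bare)}`
  }
  throw new Error(`no token found in ${PERSONAL_VAR} or ${OAUTH_VAR}`)
}

// Log-safe form: keeps the scheme, shows at most the last 4 characters.
function redact(headerValue) {
  const scheme = headerValue.startsWith('Bearer ') ? 'Bearer ' : ''
  const token = headerValue.slice(scheme.length)
  const shown = token.length > 8 ? token.slice(-4) : ''
  return scheme + '*'.repeat(token.length - shown.length) + shown
}
```

The value returned by authorizationHeader() can be passed as the oauthToken option shown in the SDK examples above; log redact(value) rather than the value itself.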