Discover how to use API tokens with varying access levels to manage different aspects of your platform using APIs.
You can create API tokens with specific access levels to provide permissions to access or modify different aspects of your platform using Staffbase APIs. This ensures that only authorized tokens can access sensitive information, thus preventing data breaches while maintaining security.
API tokens have five different token access levels:
-
Administrative
These tokens have the highest level of access and come with complete access to Staffbase API methods. Using these tokens, you can perform any Staffbase API request, such as managing users, spaces, content, and more.
-
Managing Editorial
These tokens can create news channels, pages, and plugins. They can also update their settings or delete them.
-
Editorial
These tokens can update content in news channels, pages, and plugins. They can also access comment management and menu settings.
-
Read-only
These tokens can retrieve information about content that is published.
-
Restricted Read-only
These tokens have very limited permissions and can retrieve public area content. They can also retrieve selected content when necessary permissions are provided.
- A token with Read-only access can retrieve different analytics on content using the Analytics API but is restricted from making changes to a post or page's content using the News API or Pages API.
- A token with Managing Editorial can manage all the News and Pages content but is restricted from modifying user data using the User API or modifying spaces using the Spaces API.
Although these are the token access levels, depending on what explicit permissions you give to the token, what actions the token could perform differ.
For example:
- If you create an API token with Restricted Read-only access and add the token as a Contributor to a News channel, the token can update news posts in that channel.
- If you create an API token with Read-only access and add it as an Editor of a page, the token can update the page's content.