API Access Levels

You can create API tokens with specific access levels to provide permissions to access or modify different aspects of your platform using Staffbase APIs. This ensures that only authorized tokens can access sensitive information, thus preventing data breaches while maintaining security.

API tokens have five different token access levels:

• Administrative

  These tokens have the highest level of access and come with complete access to Staffbase API methods. Using these tokens, you can perform any Staffbase API request, such as managing users, spaces, content, and more.

• Managing Editorial

  These tokens can create news channels, pages, and plugins. They can also update their settings or delete them.

• Editorial

  These tokens can update content in news channels, pages, and plugins. They can also access comment management and menu settings.

• Read-only

  These tokens can retrieve information about content that is published.

• Restricted Read-only

These tokens have very limited permissions and can retrieve public area content. They can also retrieve selected content when necessary permissions are provided.

• A token with Read-only access can retrieve different analytics on content using the Analytics API but is restricted from making changes to a post or page’s content using the News API or Pages API.
• A token with Managing Editorial can manage all the News and Pages content but is restricted from modifying user data using the User API or modifying spaces using the Spaces API.