OAuth
An OAuth token is a type of content management token that can be used when building a public integration that requests access to other Contentful users' data.
Creating an OAuth 2.0 application
If you are creating a client for changing content stored in Contentful, you will need to create a custom OAuth application.
An OAuth 2.0 application has a number of benefits:
- OAuth 2.0 access tokens are linked to your OAuth 2.0 application.
- You can request the correct OAuth 2.0 scopes for your client (content_management_read or content_management_manage).
- You can specify a custom redirect URI that will receive the access token as part of the URI's hash fragment.
- You can specify a custom name and description.
- You can specify whether your client is confidential or public.
Create a new OAuth 2.0 application
Requesting an OAuth 2.0 access token
After creating an OAuth 2.0 application, you can use it to request OAuth 2.0 access tokens.
Redirect your users to Contentful's OAuth 2.0 endpoint URI. This will show a web page where logged-in Contentful users can authorize your client to access their content.
https://be.contentful.com/oauth/authorize?response_type=token&client_id=$YOUR_APPS_CLIENT_ID&redirect_uri=$YOUR_APPS_REDIRECT_URL&scope=content_management_manage
After a user has logged in, handle the callback from Contentful to your specified redirect URI. This will look similar to the example below, and you can extract the access token from the URI hash fragment.
https://my-host.com/my-app/#access_token=$CONTENT_MANAGEMENT_API_ACCESS_TOKEN
Keep the extracted access token for future use. You will now be able to make Content Management API requests on behalf of the authenticated user.
Please note that the redirect URI must be HTTPS. During the development phase of your application, you may be using localhost. We suggest using a tool like ngrok which provides a public URL and tunnel to connect to your localhost.
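The two steps above (building the authorize URL and reading the token from the callback's hash fragment) are sketched below as an added example; it is not Contentful's own code. The helper names `buildAuthorizeUrl` and `extractAccessToken` are hypothetical, and removing the fragment from the address bar after reading it is an assumption of this example, made so the token does not stay in browser history.

```javascript
// Added example: helper names are hypothetical, not part of any Contentful SDK.
const AUTHORIZE_ENDPOINT = "https://be.contentful.com/oauth/authorize";
const ALLOWED_SCOPES = ["content_management_read", "content_management_manage"];

// Build the URL the user is redirected to. URLSearchParams percent-encodes
// the redirect URI so it cannot break out of its query parameter.
function buildAuthorizeUrl({ clientId, redirectUri, scope }) {
  if (!ALLOWED_SCOPES.includes(scope)) {
    throw new Error(`unsupported scope: ${scope}`);
  }
  // The redirect URI must be HTTPS; reject anything else before redirecting.
  if (new URL(redirectUri).protocol !== "https:") {
    throw new Error("redirect URI must be HTTPS");
  }
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set("response_type", "token");
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("scope", scope);
  return url.toString();
}

// Read access_token from the callback's hash fragment and return the same
// URL with the fragment removed. token is null when no token is present.
function extractAccessToken(callbackUrl) {
  const url = new URL(callbackUrl);
  const params = new URLSearchParams(url.hash.replace(/^#/, ""));
  const token = params.get("access_token");
  url.hash = "";
  return { token: token || null, cleanedUrl: url.toString() };
}

// Browser wiring (skipped outside a browser): read the token on the callback
// page, then replace the history entry so the fragment is no longer visible.
if (typeof window !== "undefined") {
  const { token, cleanedUrl } = extractAccessToken(window.location.href);
  if (token) {
    window.history.replaceState(null, "", cleanedUrl);
    // Keep `token` in memory for Content Management API requests.
  }
}
```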