Access Token Removal FAQs

We have stopped supporting Access Tokens for stacks created after December 16, 2020. This means stacks created after this date will not have Access Tokens. You need to use Delivery Tokens for making authorized Content Delivery API requests and use Management Token or Authtoken for Content Management API requests.

Note: You need to pass the value of Delivery Token against the ‘access_token’ key to make authorized Content Delivery API requests.

• Use Delivery Tokens to fetch environment-specific published content (assets and entries).
• Use Management Tokens to fetch unpublished or draft content (assets or entries). You can also use them in Content Management API requests to perform PUT, POST, and DELETE operations.

No. Only the stacks created after December 16, 2020 won't support access tokens. Existing stacks, i.e., stacks created before December 16, 2020 will continue to support access tokens. However, we strongly recommend using management tokens and delivery tokens instead.

If you have a request similar to the following example:

curl -X GET \
'https://api.contentstack.io/v3/content_types/123/entries/blt15c55f3a4832aecf?include_publish_details=true&include_workflow=true' \
  -H 'accept-encoding: application/json' \
  -H 'access_token: blt83dc39df2c313508' \
  -H 'api_key: blt4f22b9b7b5c131b0'

It will not work for stacks created after December 16, 2020. To make it work, the request should use the value of a delivery token against the ‘access_token’ key.

Delivery Tokens for Access Tokens

You can create a Delivery Token for each publishing environment.

If you have used an Access Token for fetching published content, we recommend using Delivery Token against the access_token header parameter in your Content Delivery API requests.

Management Tokens for Access Tokens

You can create a Management Token or request the stack owner/admin to create a Management Token to authorize any stack-level read or write operations.

If you have used an Access Token for fetching unpublished or draft content, we recommend using the value of the Management Token against the authorization header parameter in your Content Management API requests.

Delivery Tokens

In your Content Delivery API requests, you need to use the value of the Delivery Token against the access_token header parameter.

Management Tokens

In your Content Management API requests, instead of the access_token header parameter, use the authorization parameter and pass the value of your Management Token against it.

Here’s a sample cURL for reference:

curl -X GET 'https://api.contentstack.io/v3/content_types/{ContentTypeUid}/entries/{EntryUid}' \
  -H 'access_token: blt83dc39df2c313508' \
  -H 'authorization: XXXXXXXXXXXXXXXX' \
  -H 'api_key: blt1f23b4c5d6e789f0'

No such log is maintained by Contentstack. So you need to ensure at your end that you create delivery and management tokens and replace access tokens with them at all instances as suggested above.

We have not removed the access_token key from the headers. The key is still available in the header since we support Access Token for older stacks. For newer stacks, you need to use the value of Delivery Token against the ‘access_token’ key.

No. You can use only the value of the Delivery Token against the access_token key for Content Delivery API requests.

For Content Management API (CMA) requests, you can use the value of the Management Token against the authorization parameter. Alternatively, you can use the authtoken parameter for CMA requests. Learn about the different types of tokens and their usage.

The following screenshot shows how you use the authtoken or authorization header parameters while running API requests through the Postman application: