Headless CMS Blog

Read everything on headless CMS technology, tips, best practices, and how-tos.

Dec 09, 2016

Introducing Two-Factor Authentication: A New Level of Security

At Contentstack, we take security and privacy seriously. So today, we are pleased to inform you that our security has been upgraded with the introduction of two-factor authentication for Contentstack. This opt-in feature enables secure access to your account and ensures the safety of the data and resources that reside in your Contentstack account.

Two-Factor Authentication Defined

When you log in to your average social networking site or app, you typically enter your username/email and password to access your account. This may be the single step taken by the website/app to verify your identity and grant access to your account. This is known as one-factor authentication.

When you add another factor to this password-only authentication system, it is known as two-factor authentication (2FA). In such a setup, you are required to provide an additional piece of information to verify your identity. In general, 2FA uses two of the three possible methods of verifying an identity:

- Something you know (password, secret PIN, zip code, etc.)
- Something you have (phone number, smart card, etc.)
- Something you are (fingerprint, retina scan, facial recognition, etc.)

Benefits of Two-Step Authentication

Today, most services focused on improving the security of their users and data have adopted 2FA as a standard method for authentication. This is mainly because 2FA ensures that even if one of the factors has been compromised or leaked, the other factor keeps hackers/criminals from breaking into your account, thereby minimizing the risk of data theft.

Here are the other benefits of using 2FA:

- Provides an additional layer of security
- Minimizes risk of data and identity theft
- Reduces operational and security cost

The Two Factors Used by Contentstack

The two factors used by Contentstack for authentication are:

- Password (something you know)
- One-time security code via Authy mobile app or SMS (something you have)

How to Use Two-Factor Authentication (TFA) in Contentstack

If you are an existing Contentstack user, setting up 2FA for your Contentstack account is quick and easy. Here are the steps for enabling two-factor authentication for your account:

1. Log in to your account.
2. Click on your profile name and go to the security page.
3. Under ‘Two-Factor Authentication’, enter your phone number and click ‘Enable 2FA’.
4. Select one of the methods to verify your phone number.
5. Enter the security code.

This will enable 2FA for your account.

Now, the next time you try to log in to your account, you will first be asked to enter your login credentials (email and password). Then, you will be prompted to enter the security code that you get on the Authy app installed on your phone. If you do not have the app, you can request to receive the verification code via SMS. You will be granted access to your account only upon entering this security code.

Why Introduce Two-Factor Authentication Now?

Two-factor authentication is not a new concept and, as such, is a proven method to enhance security, which is more important than ever. With the recent feature enhancements and updates to Contentstack, users now have more power and control over the content stored in their account than ever before – something an intruder could exploit. 2FA minimizes this risk substantially.

Owing to the growing sophistication of online hackers and attackers, security measures around the world are constantly evolving. While 2FA does not completely eliminate all potential threats, it makes it a lot harder for attackers to hack your accounts.

As of now, two-factor authentication is an opt-in security feature that can be enabled/disabled for your Contentstack account as and when you wish. However, we highly recommend that you enable it as soon as possible to keep your account safe from potential threats.

To learn more about two-factor authentication, please read our documentation.

Dec 07, 2016

Webhooks Security – Featuring HTTP Authentication

Webhooks provide a way to notify external apps, services, and URLs when changes are made in your content stack. For instance, you can create a webhook that notifies a URL whenever a new entry is created in a particular content type or whenever an existing content type is modified. This allows for data synchronicity across applications. While it was always possible to use webhooks in our content management system, Contentstack, we have made several major changes to make webhooks more secure and powerful. Here’s what’s new:

Basic HTTP Authentication

You can now add basic HTTP authentication to make your webhooks more secure. To do this, add a username and password before saving your webhook. This will ensure that the webhook data will be accessible only by the users who have the credentials.

Custom Headers

We have added the functionality to add custom headers to your webhook. This lets you pass any number of key-value pairs to the webhook URL when the webhook is triggered. This is especially helpful when the receiving URL needs additional data such as an API key or access token of your application.

Manual Trigger

If the destination URL is not able to accept requests for any reason, Contentstack will make multiple calls (five attempts total) to the URL at regular intervals. After the fifth attempt, it will stop making calls. However, at any given time, you can access the activity and make the call manually.

Detailed Logs

Now you can view all the details of a webhook call by clicking the “Logs” link inside the webhook’s configurations area. You can see the date and time when the webhook was triggered, the current status of the webhook call, and the “Call Details”, which show the request and response of the webhook.

Watch the video to learn more about our new features and how to use webhooks security in our CMS.
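
On the receiving side, the Basic HTTP Authentication and Custom Headers settings described above only help if the endpoint actually checks them. The following is an added example, not Contentstack code: the header name `x-webhook-token`, the credential values, and all function names are assumptions made for illustration.

```python
import base64
import binascii
import hmac

# Receiver-side settings. All values are constructed for this example.
EXPECTED_USER = "webhook-user"
EXPECTED_PASSWORD = "s3cret:with-colon"
TOKEN_HEADER = "x-webhook-token"   # hypothetical custom header name
EXPECTED_TOKEN = "example-token"


def make_basic_header(user, password):
    """Build the Authorization value a sender produces for Basic auth."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_auth(value):
    """Return (user, password) from an Authorization header, else None."""
    scheme, _, encoded = (value or "").partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep else None


def same(a, b):
    """Compare secrets without leaking the position of the first mismatch."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def verify_webhook(headers):
    """Return the HTTP status a receiver should answer with."""
    lowered = {k.lower(): v for k, v in headers.items()}
    creds = parse_basic_auth(lowered.get("authorization"))
    if creds is None:
        return 401
    # Evaluate both comparisons before deciding, so timing is uniform.
    user_ok = same(creds[0], EXPECTED_USER)
    pass_ok = same(creds[1], EXPECTED_PASSWORD)
    if not (user_ok and pass_ok):
        return 401
    if not same(lowered.get(TOKEN_HEADER, ""), EXPECTED_TOKEN):
        return 403
    return 200
```

Basic credentials are only base64-encoded, not encrypted, so the receiving URL should be served over HTTPS.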

Nov 16, 2016

CDN and Other Features for a Faster and More Secure Web CMS

In our latest release, we have brought some major updates that focus on improving the speed, security, and reliability of Contentstack. Here’s a rundown of the most important changes of this release.

CDN Support

Contentstack is partnering with Fastly—a leading content delivery network (CDN) provider—to provide the benefits of high performance content delivery to users anywhere in the world. Fastly has multiple servers spread across the globe that store duplicated content of your website for lightning fast access to content. As a result, the visitor of a website powered by Contentstack receives data from the nearest server whenever it’s requested, instead of having to wait for the original server – which may not be the closest and fastest to respond. For instance, a site visitor located in the US will get data from Fastly’s San Jose server, while another visitor from Germany will receive the same data – but from the Frankfurt server. This improves the response time dramatically, as well as providing an additional layer of reliability and resilience.

Language-Based Permissions to Users

To provide more control over your content, we have enabled language-based permission in Contentstack. This feature enables you to allow/restrict users to access and publish content in specific languages in a stack. This can be done by defining roles (with permissions) and assigning these roles to users of your stack.

Note: A stack can be defined as a pool of data or a container that holds all the content/assets related to a site. It is a collaboration space where multiple users can work together to create, edit, approve, and publish content. See a comprehensive definition here.

Master Language Setting

A ‘master language’ is the primary language of your stack. Previously English (United States) was the default, but now you can set your master language to your preference whenever you create a stack. We made this choice as we’ve seen an uptick in international non-English customers.

More Secure and Reliable Webhooks

A WebHook is an HTTP callback: an HTTP POST that occurs when something happens; a simple event-notification via HTTP POST. A web application implementing WebHooks will POST a message to a URL when certain things happen.

Webhooks on Contentstack are now more secure, reliable, and easier to use than ever. We added basic HTTP authentication for an added layer of security to webhooks. We’ve also introduced custom headers in webhooks; think of this feature as an easy way to label them, so if you push code and it has the old webhook you’ll know right away. You can also now check the status and view the requests and responses of each triggered webhook. Lastly, in case the destination URL isn’t accepting requests for any reason, Contentstack now makes five consecutive attempts at regular intervals. After this, a user can update it manually.

Validation Rules for Fields

You can now add validation rules for fields so that there are fewer errors and no irrelevant data in your content repository. We have introduced a new property for single-line and multi-line text fields: Validation (regex). It lets you set validation checks for the fields. The validation rules need to be defined using JavaScript regex. An example of validation would be defining regex that checks if the value entered in a field is a valid email address.

Reference to Entries of Same Content Type

We’re pleased to say you can also now reference entries of the same content type. In the case of creating a blog, if you have blog post A, B, and C under a single content type and wish to reference blog post A in blog post C, then you can now reference that entry under a single Content Type.

For more information and tutorials on these features, refer to our in-depth documentation.

May 31, 2016

Increase Productivity with These Headless CMS Features

The all new ‘Default URL Pattern’ feature lets you standardize the URL pattern for pages of your website. This is a common use case for the majority of our customers when building out a blog or a product catalog. You can define a URL pattern of your choice while creating/editing a content type. Once this is determined, Contentstack automatically generates the URL every time you create an entry. For instance, if you decide the pattern to be www.yourdomain.com/title, the auto-generated URL for your next post will be www.yourdomain.com/my-first-post. You can include date, title, custom text, or a combination of any of these elements in the URLs. This gives you the flexibility to create meaningful, reader-friendly, and beautiful URLs that rate high on SEO parameters. Read the docs to get started with this feature.

Default Value for a Field

Save time and effort

While creating content types, you can set a default value for a field. The next time you create an entry, you do not have to manually enter a value for that field. It will, by default, contain the specified value. This reduces the time and effort spent entering the same data every time for a field. Content managers also maintain the ability to overwrite the preset value without having to make a request to development.

Data Columns

Field data at a glance

By default, the entries page displays basic info about each entry (such as title, created at, publish status, and version) in separate columns. We have added a new feature that lets you add data columns to display the fields’ data of each entry. This helps you get a quick overview of the data of all the fields in a particular content type.

Apr 11, 2016

New Content Type Builder Makes Creating Content Structures Easy

Working with content structure is one of the most common—and challenging—tasks for a developer. Are you looking for the easiest technique to build and customize your content? Here’s where our new content type builder comes in handy. You can now build your content structure in just a few minutes, or rather, a few seconds!

This new release makes working with content easy and flexible! It’s packaged with enhanced features to quickly create content types, add fields using the drag-and-drop functionality, edit field properties in real time, rearrange fields, label them, and do a lot more. Follow the instructions below to set it up.

1. Create a Content Type

When creating a new content type, name it, and select the kind of content type you want—"Webpage" or "Content Block". If you want to add a single entry, select "Single"; otherwise, select "Multiple" for multiple entries.

2. Drag and Drop Fields

Build powerful content structures that require no technical expertise. Just drag and drop the fields you want from the list available in the right panel. To learn more, read the Content Types documentation.

Realtime Field Editing

The changes made to your field properties are reflected immediately. Simply click on the selected field to edit its properties, and watch your changes happen in real time. For instance, Contentstack has the Instructional Value, Placeholder Text, and Help Text fields designed to help content editors manage content. If you edit any of these fields, the UI reflects it simultaneously.

Rearrange Fields in No Time

To rearrange fields, drag them using the grip icon (dots) appearing on the left side of the field.

Easy Categorization

Organize the content types in your stack by adding labels. You can add and nest as many labels as you need for easy access.

Jul 16, 2015

Our Latest Release Includes Audit Logs, Webhooks, and Publish Status

We are excited to announce a major update to Contentstack, our award-winning CMS. These updates include import and export functionality; now you can download the schema of a form in JSON format and import it back into Contentstack. This is a very useful feature if you want to introduce changes across several entries or forms, or simply keep backups of your data in Contentstack.

We’ve also introduced webhooks, which provide a way to integrate Contentstack with other applications. Webhooks can be triggered for all significant events on your websites and provide notifications in a format easily understood by applications. Simply add a trigger URL and specify a condition that will trigger this webhook.

With the latest release we now provide an interface for developers to view comprehensive records of all events associated with a website. The Audit Logs screen lists all events since the inception of the website. This is especially helpful for site owners to monitor the activities of all collaborators on the website, along with the public IP from which they performed the action. There is now a filter for the Publish Status and a facility to specify a date range. The format changed from a timeline view to a table view, which is more intuitive and focuses on providing comprehensive information to the user.

To show you just how easy and intuitive it is to use Contentstack, our youngest ever intern is going to teach you how to update the “News and Awards” page on the Built.io website:

You can read more about the Contentstack update in our press release.
