Contentstack Management JavaScript SDK
JavaScript Management SDK for Contentstack
Contentstack is a headless CMS with an API-first approach. It is a CMS that developers can use to build powerful cross-platform applications in their favorite languages. All you have to do is build your application frontend, and Contentstack will take care of the rest.
This SDK uses the Content Management API (CMA). The CMA is used to manage the content of your Contentstack account. This includes creating, updating, deleting, and fetching content of your account. To use the CMA, you will need to authenticate your users with a Management Token or an Authtoken. Read more about it in Authentication.
Note By using CMA, you can execute GET requests for fetching content. However, we strongly recommend that you always use the Content Delivery API to deliver content to your web or mobile properties.
Prerequisite
You need Node.js version 22 or above installed to use the Contentstack JavaScript Management SDK.
Setup and Installation
For Node.js
Install it via npm:
npm i @contentstack/management;
To import the SDK, use the following command:
import * as contentstack from '@contentstack/management' const contentstackClient = contentstack.client();
Quickstart in 5 mins
Initializing Your SDK
To use the JavaScript CMA SDK, you need to first initialize it. To do this, use the following code:
import * as contentstack from '@contentstack/management';
const contentstackClient = contentstack.client({ authtoken: 'AUTHTOKEN' });Authentication
To use this SDK, you need to authenticate your users by using the Authtoken, credentials, or Management Token (stack-level token).
Authtoken
An Authtoken is a read-write token used to make authorized CMA requests, and it is a user-specific token.
import * as contentstack from '@contentstack/management';
contentstackClient = contentstack.client({ authtoken: 'AUTHTOKEN' });Login
The login call allows you to sign in to your Contentstack account and obtain an authentication token (authtoken). Multi-Factor Authentication (MFA) is supported for SDK based logins.
| Name | Type | Description |
|---|---|---|
| email (required) | string | Registered email address used for login |
| password (required) | string | Password associated with the registered email |
| tfa_token | string | Required for MFA-enabled accounts. One-time passcode generated by an authenticator app for completing MFA during login. |
| mfaSecret | string | Required to generate the tfa_token dynamically. Secret key generated when MFA is enabled for the user. |
Example:
import * as contentstack from '@contentstack/management'
const client = contentstack.client()
// When user does not have MFA enabled
client.login({ email: <emailid>, password: <password> })
.then(() => {
}))
// When user have MFA enabled
client.login({ email: <emailid>, password: <password>, tfa_token: <2FA_token> })
.then(() => {
}))
import * as contentstack from '@contentstack/management'
const client = contentstack.client()
client.login({ email: <emailid>, password: <password>, mfaSecret: <mfaSecret> })
.then(() => {
}))NoteThe mfaSecret is not passed in the request body—it’s used to generate the OTP dynamically, which is then sent as the tfa_token.
OAuth
NoteThis feature requires @contentstack/management version 1.20.0 or later and registered OAuth client credentials.
The JavaScript Management SDK supports OAuth 2.0, enabling secure, token-based access to Contentstack’s Content Management APIs. This integration simplifies authentication by automating token acquisition, refresh, and secure lifecycle management.
With OAuth 2.0, developers can easily implement secure access for both web-based interfaces and command-line tools.
Additional ResourceFor more information on the OAuth support in JavaScript Management SDK, refer to Implement OAuth 2.0 with JavaScript Management SDK documentation.
Key Features
- Easy SDK initialization: Set up OAuth effortlessly by configuring the SDK with minimal credentials.
- Automatic token management: The SDK seamlessly handles token acquisition, automatic refresh on expiry, and secure in-memory storage—ensuring uninterrupted authentication.
- Compatible with both web and CLI applications: The SDK works seamlessly across browser-based apps and command-line tools, supporting multiple secure token storage strategies.
- Built-in logout functionality: Easily terminate the user sessions with a single method that clears tokens and resets the authentication state.
- Token revocation support included: Integrated token revocation allows your app to invalidate access upon logout or session expiration.
Management Token
Management Tokens are stack-level tokens, with no users attached to them.
import * as contentstack from '@contentstack/management';
const contentstackClient = contentstack.client();
contentstackClient.stack({ api_key: 'API_KEY', management_token: 'MANAGEMENT_TOKEN' })
.contentType('CONTENT_TYPE_UID')
.fetch()
.then((contenttype) => {
console.log(contenttype)
})
Fetch Stack Detail
Use the following lines of code to fetch your stack detail using this SDK:
import * as contentstack from '@contentstack/management'
const contentstackClient = contentstack.client({ authtoken: 'AUTHTOKEN' });
contentstackClient.stack({api_key:'API_KEY'})
.fetch()
.then((stack) => {
});Create Entry
To create an entry in a specific content type of a stack, use the following lines of code:
import * as contentstack from '@contentstack/management'
var entry = {
title:'Sample Entry',
url:'/sampleEntry'
}
const contentstackClient = contentstack.client({ authtoken: 'AUTHTOKEN' });
contentstackClient.stack({ api_key:'API_KEY'})
.contentType('CONTENT_TYPE_UID')
.entry()
.create({ entry })
.then((entry)=>{
});Create Asset
The following lines of code can be used to upload assets to your stack:
import * as contentstack from '@contentstack/management'
var asset = {
upload: 'path/to/file',
title: 'Asset Title'
}
const contentstackClient = contentstack.client({ authtoken: 'AUTHTOKEN' });
contentstackClient.stack({ api_key: 'API_KEY' })
.asset()
.create({ asset })
.then((asset) => {
});