Contentstack introduces the Agentic Experience Platform | Press release
CS-log-dark.svg

Introduction

[API VERSION : 1.0.0]
View as Markdown

Base URL

  • AWS North America (AWS NA): https://api.contentstack.io
  • AWS Europe (EU): https://eu-api.contentstack.com
  • AWS Australia (AWS AU): https://au-api.contentstack.com
  • Azure North America (Azure NA): https://azure-na-api.contentstack.com
  • Azure Europe (Azure EU): https://azure-eu-api.contentstack.com
  • GCP North America (GCP NA): https://gcp-na-api.contentstack.com
  • GCP Europe (GCP EU): https://gcp-eu-api.contentstack.com

Overview

Contentstack is a headless, API-first content management system (CMS) that provides everything you need to power your web or mobile properties. To learn more about Contentstack, visit our website or refer to our documentation site to understand what we do. The Administration APIs are used to manage your Contentstack organization.

Content Management SDKs

We have created SDKs, API references, getting started guides, and sample apps for some of the popular languages and platforms. You can use them to build your own apps and manage your content from Contentstack.

Contentstack Management SDKs interact with the Administration APIs and allow you to manage your organization settings. They are read-write in nature.

You will find a list of all the available management SDKs under the Content Management SDKs section.

We provide Management SDKs for the following platform:

Authentication

Contentstack uses the authtoken or OAuth token, API key, and Organization ID to make Administration API requests.

How to Get Authtoken

Authtokens are user-specific tokens generated when user logs in to Contentstack. To retrieve the authtoken, log in to your Contentstack account by using the "Log in to your account" request. This request will return the authtoken in the response body.

You can generate multiple authtokens by executing the "Log in to your account" request multiple times. These tokens do not have an expiration time limit. However, currently, there is a maximum limit of 20 valid tokens that a user can use per account at a time, to execute CMA requests. If you already have valid 20 tokens, creating a new authtoken will automatically cause the oldest authtoken to expire without warning.

For SSO-enabled organizations, the "Log in to your account" request will not return the user authtoken for users who access the organization through Identity Provider login credentials. Consequently, any requests that require user authtoken will not work. Only the owner of the organization and users with permission to access the organization without SSO can use the Content Management APIs. Learn more about REST API Usage.

TipAn alternate way to retrieve the authtoken is via Inspect element. If you are logged in through your browser, right-click and select Inspect or press “F12” to open developer tools, and select the Network tab.

M2M OAuth Token

Machine-to-Machine (M2M) apps are designed for secure server-to-server communication, eliminating the need for user intervention. These apps use the OAuth 2.0 protocol for authentication and authorization, making them highly secure and reliable for machine-to-machine interactions. Refer to our guide on Machine-to-Machine Apps for more information.

NoteThe M2M app is currently in Beta. Reach out to our support team to enable it for your organization.

How to Get Organization ID

To retrieve the Organization ID, perform the steps given below:

  1. Select the Organization from the dropdown on the header and click the “Org Admin” icon in the left navigation panel.
    Or, you can simply click the “Org Admin” cog beside the Organization that you intend to open.
  2. Click the Info tab to access the section.

NoteOnly organization Owner and Admin roles can view the Organization ID.

Rate limiting

Rate limit is the maximum number of requests you can make using Contentstack’s API in a given time period.

By default, the Contentstack enforces the following rate limits:

  • Read (GET) requests: 10 requests per second per organization.
  • Write (POST/PUT/DELETE) requests: 10 requests per second per organization.

Your application will receive the HTTP 429 response code if the requests for a given time period exceed the defined rate limits.

NoteBulk actions do not follow the standard CMA rate limit of 10 requests per second. The default rate limit for bulk actions is 1 request per second i.e., in one second you can make only one bulk action API request.

We also have set a limit on stack creation. Organizations can create only one stack per minute.

The aforementioned limits are configurable depending on your plan. For more information, contact our support team.

To get the current rate limit status, you can check the returned HTTP headers of any API request. These rate limits are reset at the start of each time period.

HeadersDescription
X-RateLimit-LimitThe maximum number of request a client is allowed to make per second per organization.
X-RateLimit-RemainingThe number of requests remaining in the current time period.

API conventions

  • The base URL for Analytics API for different regions can be found in the Base URL section.
  • URL paths are written in lower case.
  • Query parameters and JSON fields use lower case, with underscores (_) separating words.
  • The success/failure status of an operation is determined by the HTTP status it returns. Additional information is included in the HTTP response body.
  • The JSON number type is bounded to a signed 32-bit integer.

Errors

If there is something wrong with the API request, Contentstack returns an error.

Contentstack uses conventional, standard HTTP status codes for errors, and returns a JSON body containing details about the error. In general, codes in the 2xx range signify success. The codes in the 4xx range indicate error, mainly due to information provided (for example, a required parameter or field was omitted). Lastly, codes in the 5xx range mean that there is something wrong with Contentstack’s servers; it is very rare though.

Let’s look at the error code and their meanings.

HTTP status codeDescription
400 Bad RequestThe request was incorrect or corrupted.
401 Access DeniedThe login credentials are invalid.
403 Forbidden ErrorThe page or resource that is being accessed is forbidden.
404 Not FoundThe requested page or resource could not be found.
412 Pre Condition FailedThe entered API key is invalid.
422* Unprocessable Entity (also includes Validation Error and Unknown Field)The request is syntactically correct but contains semantic errors.
429 Rate Limit ExceededThe number of requests exceeds the allowed limit for the given time period.
500 Internal Server ErrorThe server is malfunctioning and is not specific on what the problem is.
502 Bad Gateway ErrorA server received an invalid response from another server.
504 Gateway Timeout ErrorA server did not receive a timely response from another server that it was accessing while attempting to load the web page or fill another request by the browser.

* Contentstack returns the 422 HTTP status code with the "UID is not valid" message when an entry doesn’t exist, has been deleted, or belongs to a different content type. To check if an entry has been deleted, first try retrieving it from the CDN, then from the origin server if needed. This error can also occur due to invalid query parameters, such as using an empty array with logical operators like $and. Always ensure your queries contain valid conditions. For example, {"$and": [{}, {}]} is not a valid query.

NoteThe error codes that we get in the JSON response are not HTTP error codes but are custom Contentstack error codes that are used for internal purposes.