To use this SDK, you need to authenticate your users by using the Authtoken, credentials, or Management Token (stack-level token).
Authtoken
An Authtoken is a read-write token used to make authorized CMA requests, and it is a user-specific token.
import * as contentstack from '@contentstack/management';
contentstackClient = contentstack.client({ authtoken: 'AUTHTOKEN' });
Login
The login call allows you to sign in to your Contentstack account and obtain an authentication token (authtoken). Multi-Factor Authentication (MFA) is supported for SDK based logins.
Name | Type | Description |
---|
email (required) | string | Registered email address used for login |
password (required) | string | Password associated with the registered email |
tfa_token | string | Required for MFA-enabled accounts. One-time passcode generated by an authenticator app for completing MFA during login. |
mfaSecret | string | Required to generate the tfa_token dynamically. Secret key generated when MFA is enabled for the user. |
Example:
import * as contentstack from '@contentstack/management'
const client = contentstack.client()
client.login({ email: <emailid>, password: <password> })
.then(() => {
}))
client.login({ email: <emailid>, password: <password>, tfa_token: <2FA_token> })
.then(() => {
}))
import * as contentstack from '@contentstack/management'
const client = contentstack.client()
client.login({ email: <emailid>, password: <password>, mfaSecret: <mfaSecret> })
.then(() => {
}))
Note: The mfaSecret is not passed in the request body—it’s used to generate the OTP dynamically, which is then sent as the tfa_token.
OAuth
Note: This feature requires @contentstack/management version 1.20.0 or later and registered OAuth client credentials.
The JavaScript Management SDK supports OAuth 2.0, enabling secure, token-based access to Contentstack’s Content Management APIs. This integration simplifies authentication by automating token acquisition, refresh, and secure lifecycle management.
With OAuth 2.0, developers can easily implement secure access for both web-based interfaces and command-line tools.
Additional Resource: For more information on the OAuth support in JavaScript Management SDK, refer to Implementing OAuth 2.0 with JavaScript Management SDK documentation.
Key Features
- Easy SDK initialization: Set up OAuth effortlessly by configuring the SDK with minimal credentials.
- Automatic token management: The SDK seamlessly handles token acquisition, automatic refresh on expiry, and secure in-memory storage—ensuring uninterrupted authentication.
- Compatible with both web and CLI applications: The SDK works seamlessly across browser-based apps and command-line tools, supporting multiple secure token storage strategies.
- Built-in logout functionality: Easily terminate the user sessions with a single method that clears tokens and resets the authentication state.
- Token revocation support included: Integrated token revocation allows your app to invalidate access upon logout or session expiration.
Management Token
Management Tokens are stack-level tokens, with no users attached to them.
import * as contentstack from '@contentstack/management';
contentstackClient = contentstack.client();
contentstackClient.stack({ api_key: 'API_KEY', management_token: 'MANAGEMENT_TOKEN' }).contentType('CONTENT_TYPE_UID');
.fetch()
.then((contenttype) => {
console.log(contenttype)