API Keys

API keys are used when your website, app, or other external system needs to request content from Contismo.

They provide authenticated access outside the Studio and should be handled securely.

Key types

Contismo supports two GraphQL API key types:

| Type | Prefix | Access | |------|--------|--------| | GraphQL - Read Only | gql_ | Query content via GraphQL | | GraphQL - Read/Write | gqlw_ | Query content and run GraphQL mutations for content models, entries, and assets (create, update, delete, and status changes) |

Read/write keys cannot manage team members, billing, webhooks, or other API keys.

Create an API key

To create a new API key:

1. Go to Settings → API Keys.
2. Click Create API Key.
3. Enter a name that helps you identify where the key will be used.
4. Choose GraphQL - Read Only or GraphQL - Read/Write.
5. Copy the key and store it somewhere safe.

Copy the key when it is created

The full key is only shown once, at the time it is created. Make sure you store it securely before leaving the page.

Use the key

Include the API key in the Authorization header when making GraphQL requests. Also send the environment in the X-Environment header:

Authorization: Bearer <your-api-key>
X-Environment: <environment-api-id>

Read-only keys can run queries. Read/write keys can also run mutations — see the GraphQL API reference for examples.