Authentication and Security
- Simple API Key
A Simple API Key uniquely identifies an application, developer, or user to verify access permissions. It is a string of characters included in an API call or request header.
Simple API Keys can grant access to the entire CCMS Content Library or a specific map.
Simple API Keys grant access to every client and should not be used from the browser - only use them for machine-to-machine communication.
Users assigned the Administrator role in Heretto CCMS can create and delete Simple API Keys.
- JSON Web Token (JWT)
A JSON Web Token (JWT) is an open standard for securely sharing JSON data between parties. It verifies application access permissions and specifies access rights. Without an authentication system, the token is saved as a cookie and follows the user until the tab is closed.
For Deploy API purposes, a JWT must be signed with a JWT HS256 key before it is used in API calls.
JWTs can grant access to the entire CCMS Content Library or a specific map. You can further refine user access through conditional profiling with DITAVALs in Heretto CCMS. For more information about profiling content for different audiences, see Filtering and Personalization.
JWTs also enable you to embed content in another webpage or to build a website or web application.
Users assigned the Administrator role in Heretto CCMS can create and delete JWT HS256 keys required to create JWTs. They can also specify the access the tokens provide, for example, to the entire content set or to a particular map.
You can provide authentication for all endpoints in the HTTP header X-Deploy-API-Auth or as a URL parameter token. Both methods use the same value: either a Simple API Key or JWT (signed with a JWT HS256 key).