API Keys
This page exists so the docs navigation can point to the planned API key work without implying that the feature is ready today.
Current status
- No API key provider is available in the current
@conloca/content-api/nodeexports - No
authoption is available inconlocaCMS() - No request header format is finalized in the shipped code yet
What to use today
For production protection today, use Cloudflare Access. That flow is implemented and works without changing your Astro config.
Planned use case
The likely target is programmatic access for CI/CD pipelines, scripts, and headless API consumers. Exact request and configuration shapes are still subject to implementation.
Dev Branch Preview
On the dev branch, API keys are configured through conlocaCMS({ auth }) using the apiKey() provider from
@conloca/content-api/node.
// dev branch preview only
import { apiKey } from '@conloca/content-api/node';
auth: {
provider: apiKey({
keys: [
{
hash: 'sha256:YOUR_BASE64_HASH',
role: 'editor',
label: 'ci-deploy',
},
],
}),
}
The dev branch implementation expects API keys in the Authorization: Bearer ... header.
Next steps
- Getting Started — Set up your first Conloca site
- Cloudflare Access — Current production-ready protection
- Docker deployment — Deploy with Docker Compose