Keys Functions

Const getManagementToken

  • getManagementToken(privateKey: string, opts: GetManagementTokenOptions): Promise<string>
  • Returns a Contentful Management API token from a private key. Management tokens are cached internally until they expire. Pass reuseToken: false in the options for getManagementToken to disable this feature.

    Node.js Contentful Apps need a management token to interact with Contentful's APIs. Creating a management token requires a key pair to be registered for the app; follow this link for more information on key pairs.

    Once a key pair is registered the getManagementToken function can be used to generate a valid token.

    const { getManagementToken } = require('@contentful/node-apps-toolkit')

    // PRIVATE_KEY is the private half of the key pair registered for the app
    getManagementToken(PRIVATE_KEY, { appId, spaceId, environmentId })
      .then((token) => {
        console.log('Here is your token')
      })


    • privateKey: string
    • opts: GetManagementTokenOptions

    Returns Promise<string>

Requests Functions


  • signRequest(rawSecret: Secret, rawCanonicalRequest: CanonicalRequest, rawTimestamp?: Timestamp): SignedRequestWithoutContextHeaders
  • Given a secret, a canonical request, a timestamp and context headers, generates a signature.


    • rawSecret: Secret
    • rawCanonicalRequest: CanonicalRequest
    • Optional rawTimestamp: Timestamp

    Returns SignedRequestWithoutContextHeaders

Const verifyRequest

  • verifyRequest(rawSecret: Secret, rawCanonicalRequest: CanonicalRequest, rawTimeToLive?: TimeToLive): boolean
  • Given a secret, verifies a CanonicalRequest. It also throws when the signature is older than rawTimeToLive seconds. Pass rawTimeToLive = 0 to disable TTL checks.

    const { verifyRequest } = require('@contentful/node-apps-toolkit')
    const { server } = require('./imaginary-server')
    const { makeCanonicalRequestFromImaginaryServerRequest } = require('./imaginary-utils')

    const SECRET = process.env.SECRET
    const REQUEST_TTL = Number.parseInt(process.env.REQUEST_TTL, 10)

    server.post('/api/my-resources', (req, res) => {
      const canonicalRequest = makeCanonicalRequestFromImaginaryServerRequest(req)

      try {
        const isVerifiedRequest = verifyRequest(SECRET, canonicalRequest, REQUEST_TTL)
        if (!isVerifiedRequest) {
          res.send(403, 'Invalid signature')
          return // stop here so an unverified request never reaches the handler body
        }
      } catch (_error) {
        // verifyRequest throws, for example, when the signature is older than the TTL
        res.send(422, 'Unable to verify request')
        return
      }

      // Rest of the code
    })


    • rawSecret: Secret
    • rawCanonicalRequest: CanonicalRequest
    • Default value rawTimeToLive: TimeToLive = 30

    Returns boolean
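
    How signing and TTL-bound verification of the kind signRequest and verifyRequest describe fit together, as an added stand-alone example that is not the toolkit's code. The use of HMAC-SHA256, the canonical form, the helper names signExample and verifyExample, and the sample secret and request are all assumptions made for illustration.

```javascript
const crypto = require('crypto')

// Assumed canonical form (not the toolkit's): a JSON array of the timestamp,
// method, path, sorted lower-cased header pairs and body, so field
// boundaries are unambiguous.
function canonicalize(request, timestamp) {
  const headers = Object.entries(request.headers || {})
    .map(([name, value]) => [name.toLowerCase().trim(), String(value).trim()])
    .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0))
  return JSON.stringify([timestamp, request.method.toUpperCase(), request.path, headers, request.body || ''])
}

function hmacHex(secret, request, timestamp) {
  return crypto.createHmac('sha256', secret).update(canonicalize(request, timestamp)).digest('hex')
}

// Sender side (hypothetical helper): the timestamp is covered by the MAC,
// so it cannot be refreshed without the secret.
function signExample(secret, request, timestamp = Date.now()) {
  return { timestamp, signature: hmacHex(secret, request, timestamp) }
}

// Receiver side (hypothetical helper): throws when the signature is older
// than ttlSeconds (0 disables the age check), returns false on a mismatch.
function verifyExample(secret, request, signed, ttlSeconds = 30, now = Date.now()) {
  if (ttlSeconds !== 0 && now - signed.timestamp > ttlSeconds * 1000) {
    throw new Error('Signature expired')
  }
  const expected = Buffer.from(hmacHex(secret, request, signed.timestamp), 'hex')
  const received = Buffer.from(String(signed.signature), 'hex')
  // timingSafeEqual throws on unequal lengths, so check the length first.
  return expected.length === received.length && crypto.timingSafeEqual(expected, received)
}

// Constructed sample input, for illustration only.
const SECRET = 'constructed-example-secret'
const T0 = 1700000000000
const request = {
  method: 'POST',
  path: '/api/my-resources',
  headers: { 'Content-Type': 'application/json' },
  body: '{"id":1}',
}
const signed = signExample(SECRET, request, T0)

console.log(verifyExample(SECRET, request, signed, 30, T0 + 10000)) // fresh, untampered
console.log(verifyExample(SECRET, { ...request, body: '{"id":2}' }, signed, 30, T0 + 10000)) // body changed
```

    As in the verifyRequest handler above, the caller has to treat both a false result and a thrown error as a rejected request.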

Generated using TypeDoc