Authentication

All management endpoints expect Authorization: Bearer <token>. There are two token formats: sbmgmt_... (legacy, always admin) and sbmcp_... (role-scoped: admin / editor / viewer). Tokens are hashed at rest with HMAC; the plaintext is returned exactly once, in the create response.

POST /api/v1/spaces  [Session cookie]

Create a new space (session auth).

Request
POST /api/v1/spaces
Content-Type: application/json
Cookie: better-auth.session_token=...

{"name": "Marketing Site"}

Response
{
  "space": { "id": 2, "name": "Marketing Site" },
  "tokens": {
    "public":  "sbpub_...",
    "preview": "sbprev_...",
    "private": "sbpriv_..."
  }
}

POST /api/v1/spaces/{spaceId}/stories  [Bearer (Mgmt)]

Create a story.

Request
POST /api/v1/spaces/1/stories
Authorization: Bearer sbmgmt_...

{
  "story": {
    "name": "Hello",
    "slug": "hello",
    "content": { "component": "page", "title": "Hello" }
  },
  "publish": 1
}

PUT /api/v1/spaces/{spaceId}/stories/{id}  [Bearer (Mgmt)]

Update a story; content completely replaces the previous content.

POST /api/v1/spaces/{spaceId}/components  [Bearer (Mgmt)]

Create a component definition.

POST /api/v1/spaces/{spaceId}/import/storyblok  [Bearer (Mgmt)]

Import an existing Storyblok space (dry run supported).

GET /api/v1/spaces/{spaceId}/audit_log  [Bearer (Mgmt)]

Append-only audit log: admins only, no write endpoint.
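
A sketch of how the token handling described under Authentication and the admin-only audit log check can fit together on the server side; this is an added example, not the project's own code. HMAC-SHA256, the PEPPER key, the in-memory TOKEN_TABLE and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: server-side HMAC key; constructed here, kept in a secret store in practice.
PEPPER = secrets.token_bytes(32)
ROLES = ("admin", "editor", "viewer")
TOKEN_TABLE = {}  # hypothetical storage: hex digest -> role, never the plaintext


def digest(token: str) -> str:
    # HMAC-SHA256 is an assumption; the page only says "HMAC".
    return hmac.new(PEPPER, token.encode(), hashlib.sha256).hexdigest()


def create_token(role: str, legacy: bool = False) -> str:
    """Return the plaintext exactly once; only its digest is stored."""
    if legacy:
        role = "admin"  # sbmgmt_ tokens are always admin
    if role not in ROLES:
        raise ValueError(f"unknown role: {role}")
    token = ("sbmgmt_" if legacy else "sbmcp_") + secrets.token_urlsafe(32)
    TOKEN_TABLE[digest(token)] = role
    return token


def authenticate(header: str):
    """Map an Authorization header value to a role, or None if rejected."""
    scheme, _, token = header.partition(" ")
    if scheme != "Bearer" or not token.startswith(("sbmgmt_", "sbmcp_")):
        return None
    # Lookup by keyed digest: a leaked table yields no usable tokens, and
    # digests cannot be precomputed without PEPPER.
    return TOKEN_TABLE.get(digest(token))


def may_read_audit_log(header: str) -> bool:
    # The audit_log endpoint is admin-only.
    return authenticate(header) == "admin"


if __name__ == "__main__":
    viewer = create_token("viewer")
    print(authenticate("Bearer " + viewer), may_read_audit_log("Bearer " + viewer))
```

Because only the digest is stored, a lost token cannot be recovered from the table; it has to be replaced by creating a new one.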