[Docs] Provide basic info about how to create a read-only api user

Open mandrasch opened this issue 3 years ago • 3 comments

I tried out KQL with Astro (https://astro.build/) recently; it took me some time to figure out how to create a read-only API user for authentication with the API.

Just as improvement suggestions for the README of this plugin, feel free to just close if not relevant ;-)

So far I only read pages via the API; I guess files.read should also be enabled? I created the following user role:


Create an api user role in site/blueprints/users/api.yml and add a new user in the panel with that role:

title: Api
description: Api users, read-only
permissions:
  access:
    panel: true
    site: false
    languages: false
    system: false
    users: false
  files:
    create: false
    changeName: false
    delete: false
    read: false
    replace: false
    update: false
  languages:
    create: false
    delete: false
  pages:
    changeSlug: false
    changeStatus: false
    changeTemplate: false
    changeTitle: false
    create: false
    delete: false
    duplicate: false
    preview: false
    read: true
    sort: false
    update: false
  site:
    changeTitle: false
    update: false
  user:
    changeEmail: false
    changeLanguage: false
    changeName: false
    changePassword: false
    changeRole: false
    delete: false
    update: false
  users:
    changeEmail: false
    changeLanguage: false
    changeName: false
    changePassword: false
    changeRole: false
    create: false
    delete: false
    update: false

mandrasch, Apr 24 '22 07:04

You can shorten that to:

title: Api
description: Api users, read-only
permissions:
  access:
    *: false
    panel: true
  files: false
  languages: false
  pages:
    *: false
    read: true
  site: false
  user: false
  users: false

lukasbestle, Apr 24 '22 11:04

It's now possible to remove auth

https://github.com/getkirby/kql/issues/31#issuecomment-1137196927

scsskid, May 31 '22 08:05

A read-only API user could still be useful if you don't want to allow public access but just access by your static site generator or another backend tool.

lukasbestle, May 31 '22 09:05
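
How a static site generator build step could authenticate as the read-only API user discussed in this thread, as an added example that is not part of the original issue or the KQL project's own code. It assumes KQL is served at `/api/query` with HTTP Basic auth enabled on the Kirby site; the environment variable names and the sample query are hypothetical.

```javascript
// Added example: build-time KQL request sent as the read-only API user.
// Assumptions: KQL endpoint at <base>/api/query, Basic auth enabled in Kirby,
// hypothetical env vars KIRBY_API_URL / KIRBY_API_USER / KIRBY_API_PASSWORD.

function buildKqlRequest(baseUrl, user, password, query) {
  if (!baseUrl || !user || !password) {
    throw new Error("missing API URL or API user credentials");
  }
  // Keep a sub-folder install intact: resolve relative to the base URL.
  const url = new URL("api/query", baseUrl.endsWith("/") ? baseUrl : baseUrl + "/");
  // Basic auth sends the password with every request, so refuse plain HTTP
  // unless the target is a local development server.
  const local = url.hostname === "localhost" || url.hostname === "127.0.0.1";
  if (url.protocol !== "https:" && !local) {
    throw new Error("refusing to send API credentials over " + url.protocol);
  }
  const token = Buffer.from(`${user}:${password}`, "utf8").toString("base64");
  return {
    url: url.href,
    options: {
      method: "POST",
      headers: {
        Authorization: `Basic ${token}`,
        "Content-Type": "application/json",
        Accept: "application/json",
      },
      body: JSON.stringify(query),
    },
  };
}

// Credentials come from the build environment, never from the repository.
async function fetchKql(query, env = process.env) {
  const { url, options } = buildKqlRequest(
    env.KIRBY_API_URL, env.KIRBY_API_USER, env.KIRBY_API_PASSWORD, query);
  const res = await fetch(url, options);
  if (res.status === 401 || res.status === 403) {
    throw new Error(`API user rejected (${res.status}): check role and password`);
  }
  if (!res.ok) throw new Error(`KQL request failed: ${res.status}`);
  return (await res.json()).result;
}

// Constructed sample query: title and URL of each top-level page.
const sampleQuery = { query: "site.children", select: { title: true, url: true } };
```

Because the role only grants `pages.read`, a leaked build secret exposes page content but cannot be used to change it.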