getkirby / kql

Kirby's Query Language API combines the flexibility of Kirby's data structures, the power of GraphQL and the simplicity of REST.
https://getkirby.com
MIT License

[Docs] Provide basic info about how to create a read-only api user #32

Open mandrasch opened 2 years ago

mandrasch commented 2 years ago

I tried out KQL with Astro (https://astro.build/) recently. It took me some time to figure out how to create a read-only API user for authentication with the API.

Just as improvement suggestions for the README of this plugin, feel free to just close if not relevant ;-)

I have only read pages via the API so far; I guess files.read should also be enabled? I created the following user role:


Create an api user role in site/blueprints/users/api.yml and add a new user in the panel with that role:

```yaml
title: Api
description: Api users, read-only
permissions:
  access:
    panel: true
    site: false
    languages: false
    system: false
    users: false
  files:
    create: false
    changeName: false
    delete: false
    read: false
    replace: false
    update: false
  languages:
    create: false
    delete: false
  pages:
    changeSlug: false
    changeStatus: false
    changeTemplate: false
    changeTitle: false
    create: false
    delete: false
    duplicate: false
    preview: false
    read: true
    sort: false
    update: false
  site:
    changeTitle: false
    update: false
  user:
    changeEmail: false
    changeLanguage: false
    changeName: false
    changePassword: false
    changeRole: false
    delete: false
    update: false
  users:
    changeEmail: false
    changeLanguage: false
    changeName: false
    changePassword: false
    changeRole: false
    create: false
    delete: false
    update: false
```

lukasbestle commented 2 years ago

You can shorten that to:

```yaml
title: Api
description: Api users, read-only
permissions:
  access:
    *: false
    panel: true
  files: false
  languages: false
  pages:
    *: false
    read: true
  site: false
  user: false
  users: false
```

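
One way to check that a role like the two above grants nothing beyond read access, as an added example that is not part of the thread or of Kirby's own code. It assumes the blueprint has already been parsed into an object, that the action names are the ones listed in the long blueprint, and that any action a role leaves unset counts as enabled; `ACTIONS`, `effectivePermissions`, `auditReadOnly` and `sloppyRole` are hypothetical names.

```javascript
// Added example: audit a parsed role blueprint for anything beyond read access.
// ASSUMPTIONS (not stated in the thread): the action names mirror the long
// blueprint above, unlisted actions default to true, named keys override "*".
const ACTIONS = {
  access: ["panel", "site", "languages", "system", "users"],
  files: ["create", "changeName", "delete", "read", "replace", "update"],
  languages: ["create", "delete"],
  pages: ["changeSlug", "changeStatus", "changeTemplate", "changeTitle", "create",
    "delete", "duplicate", "preview", "read", "sort", "update"],
  site: ["changeTitle", "update"],
  user: ["changeEmail", "changeLanguage", "changeName", "changePassword",
    "changeRole", "delete", "update"],
  users: ["changeEmail", "changeLanguage", "changeName", "changePassword",
    "changeRole", "create", "delete", "update"],
};

// Expand booleans and "*" wildcards into one flat "category.action" map.
function effectivePermissions(permissions = {}) {
  const flat = {};
  for (const [category, actions] of Object.entries(ACTIONS)) {
    const setting = permissions[category];
    for (const action of actions) {
      let value = true; // assumed default when nothing is configured
      if (typeof setting === "boolean") value = setting;
      else if (setting && typeof setting === "object") {
        if (typeof setting["*"] === "boolean") value = setting["*"];
        if (typeof setting[action] === "boolean") value = setting[action];
      }
      flat[`${category}.${action}`] = value;
    }
  }
  return flat;
}

// Return every enabled permission that is not on the allow list.
function auditReadOnly(permissions, allowed = ["access.panel", "pages.read"]) {
  return Object.entries(effectivePermissions(permissions))
    .filter(([key, on]) => on && !allowed.includes(key))
    .map(([key]) => key);
}

// The shortened role from the comment above, as a YAML parser would return it.
const shortRole = {
  access: { "*": false, panel: true }, files: false, languages: false,
  pages: { "*": false, read: true }, site: false, user: false, users: false,
};
// Constructed counter-example: "files" forgotten, pages.update left enabled.
const sloppyRole = { ...shortRole, pages: { "*": false, read: true, update: true } };
delete sloppyRole.files;
```

An empty result from `auditReadOnly` means the role enables only what is on the allow list; pass `"files.read"` in the second argument if the API user should also read files.
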
scsskid commented 2 years ago

It's now possible to remove auth

https://github.com/getkirby/kql/issues/31#issuecomment-1137196927

lukasbestle commented 2 years ago

A read-only API user could still be useful if you don't want to allow public access but just access by your static site generator or another backend tool.