How to use Kirby CMS API without logged in from frontend?

So i red some docs and i want to use Kirby CMS API and create my own front-end with React. I did the Javascript example in html file, which returned data when logged in. Is there any guide how to implement this, with some kind of authentication so that i can use Kirby CMS API without logged in from React?

I remember doing some JSON API with version 2, but i take things are changed now and i can directly use API which Kirby offers?

Have you read the guide: https://getkirby.com/docs/guide/api/introduction

I had a pretty similar question.

What I learned from the API-guide was, that you need to be logged in. So I set up a blueprint for an api-consumer-user, without access to the panel, otherwise anyone could just grab the credentials from the network-log and log in, right?
My problem was, that I then got the error “not authorized to access panel” when I tried to access mysite.com/api/pages/subpage.
But I don’t even want to access the panel with that user, only what’s public anyway. I imagined that I could get whatever data is in a page as JSON (Fields and subpages).
I know you’re still working on examples for that. It would be really useful, because I guess lots of people would like to use the API without touching the panel at all.

1 Like

I tried around a bit more, maybe this can be of help.

The URLs of the API are similar to the ones in the panel.

You can get a list of your root pages with /api/site/children

You can get a page with /api/pages/pagename

You can get a list of child-pages with api/pages/pagename/children

You can get a specific childpage with /api/pages/pagename+childname

You can get a childpage’s files with /api/pages/pagename+childname/files

I have yet to find out the blueprint for a role which can read certain data but not edit or change anything. Or maybe somebody already did this. You could then base64 the credentials and hardcode it in all requests.

1 Like

The Api Routes are also documented here.

1 Like

Yes, true, I experienced the same with a user without Panel access. Wonder if that really is the intended behavior.

1 Like

Hi, I have a similar problem with accessing the API when logged out. I was excited when I found this thread but there’s no solution offered. Also this guide is pretty misleading as it seems like you can just use the fetch example and it should work if you are logged in or out. Sorry to be critical but I don’t understand why this is so difficult and has been an issue since 2019. Is there a way to access API endpoints when logged out or is this still an issue?

The API definitely needs authentication, so yes, you need to authenticate either via Basic Auth or via the session (and a session is only created if a user is logged in). Also, this user needs Panel access, but all other permissions then should be set to false.

The alternative to using the API would be custom non-api endpoints or content representations.

Thanks so much for explaining! That’s super clear. I still think the way it’s written in the docs sounds you can use that fetch example out of the box but maybe that’s just me.

Thanks again!

In order to use Kirby as headless CMS you have to be able to access the content without authentication. Is there any solution to that?? When I go to urls like “/api/site/children” I still get an “Unauthenticated” error :disappointed:

The API needs authentication, there is currently no way around that.

The only option I see currently is to use plain routes.

Just make sure to validate the request, e.g. “Webhook signatures”.

Or content representations.