---
title: Access Tokens
description: Discover Storyblok's documentation with comprehensive developer guides, user manuals, API references, and examples to help you get the most out of the headless CMS platform.
url: https://www.storyblok.com/docs/concepts/access-tokens
---

# Access Tokens

Storyblok offers a rich set of APIs and services for delivering and managing content and assets. Tokens safeguard access to these services.

## Content Delivery API access tokens

Use the Content Delivery API's read-only access tokens to view the content and assets of a specific space.

To manage per-space tokens and generate new ones, select the space and open **Settings** → **Access Tokens**.

The following types of tokens are available:

-   **Public:** access `published` content using the Content Delivery API. Use this token in production frontends.
-   **Preview:** access `draft` and `published` content using the Content Delivery API. Use this token in the Visual Editor or staging environments.
-   **Asset:** access [private assets](/docs/concepts/assets) using the Content Delivery API.
-   **Release:** access content associated with a specific release. Requires the [Releases app](https://www.storyblok.com/docs/api/management/releases/).
-   **Theme:** access a theme for use by the Storyblok rendering service (_deprecated_).

> [!TIP]
> To specify how long the CDN caches the content, set a time-to-live (TTL). Learn more in the [caching developer concept](/docs/concepts/caching).

The following example uses the [JavaScript SDK](https://www.storyblok.com/docs/libraries/js/js-sdk) to fetch published stories via the [Content Delivery API](https://www.storyblok.com/docs/api/content-delivery/v2/stories/retrieve-multiple-stories):

```javascript
import { apiPlugin, storyblokInit } from '@storyblok/js';

const { storyblokApi } = storyblokInit({
  accessToken: 'YOUR_ACCESS_TOKEN',
  use: [apiPlugin],
});

// Use a public or preview access token
const { data } = await storyblokApi.get('cdn/stories', {
  version: 'published',
});
```

## Management API access tokens

Use the Management API's read-only/read-write access tokens to perform CRUD (create, read, update, delete) operations via the [Management API](https://www.storyblok.com/docs/api/management).

### Personal access token

The personal access token is account-specific.

To manage existing tokens or generate new ones, open your [**Account settings**](https://app.storyblok.com/#/me/account?tab=token): **My account** → **Account settings** → **Personal access tokens**.

> [!WARNING]
> Secret management
> 
> Store your personal access tokens in environment variables, and never expose them in frontend code you commit to version control.  
>   
> If a token is exposed, revoke it immediately and generate a new one.

By default, a new personal access token grants access to all spaces that you own. Learn more about space ownership in the [Roles manual](/docs/manuals/roles). Alternatively, specify one or multiple spaces that the token should grant access to.

Next, set individual permissions for the following scopes:

-   Asset folders
-   Assets
-   Collaborators
-   Comments
-   Components
-   Datasource entries
-   Datasources
-   Releases
-   Spaces
-   Statistics
-   Stories
-   Tags
-   Users
-   Webhooks

Select at least one scope. Alternatively, choose **Select all scopes** to enable read and write permissions for all scopes.

As an additional layer of security, set an expiration date for the token.

Finally, select **Generate Token**. The generated token is shown _once_. Copy it and store it securely. After the token is generated, its eligible spaces and scopes can be reviewed, but not changed.

> [!WARNING]
> Apply the principle of least privilege and restrict the token's access to the required spaces and scopes.
> 
> To bypass space and scope configuration, enable **Full user permission**. This grants the token the same access as your user account across all eligible spaces and enables all scopes.
> 
> Use it only for development or tooling that requires unrestricted access.
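
A build-time guard for the token roles described on this page, as an added example that is not part of Storyblok's documentation or SDK: it selects the public or preview token by environment and fails when a personal access token, or the preview token in production, sits in a variable that the build tool would ship to the browser. The variable names `APP_ENV` and `STORYBLOK_*` are assumptions.

```javascript
// Added example. APP_ENV and the STORYBLOK_* names are assumptions, not Storyblok conventions.
// Prefixes that common build tools (Next.js, Vite, Create React App, Nuxt) inline into browser bundles.
const CLIENT_EXPOSED_PREFIXES = ['NEXT_PUBLIC_', 'VITE_', 'REACT_APP_', 'NUXT_PUBLIC_'];

function resolveDeliveryConfig(env) {
  // Fail closed: anything that is not explicitly staging is treated as production.
  const stage = env.APP_ENV === 'staging' ? 'staging' : 'production';
  const personal = env.STORYBLOK_PERSONAL_ACCESS_TOKEN;
  const preview = env.STORYBLOK_PREVIEW_TOKEN;

  for (const [name, value] of Object.entries(env)) {
    if (!CLIENT_EXPOSED_PREFIXES.some((prefix) => name.startsWith(prefix))) continue;
    // Management API credentials must stay server-side in every environment.
    if (personal && value === personal) {
      throw new Error(`${name} exposes the personal access token to the browser`);
    }
    // The preview token also reads draft content, so keep it out of production bundles.
    if (stage === 'production' && preview && value === preview) {
      throw new Error(`${name} exposes the preview token in production`);
    }
  }

  const accessToken = stage === 'production' ? env.STORYBLOK_PUBLIC_TOKEN : preview;
  if (!accessToken) {
    throw new Error(`no Content Delivery API token configured for ${stage}`);
  }
  // The public token pairs with published content, the preview token with drafts.
  return { stage, accessToken, version: stage === 'production' ? 'published' : 'draft' };
}

// Constructed sample environment; the token values are placeholders.
const sampleEnv = {
  APP_ENV: 'production',
  STORYBLOK_PUBLIC_TOKEN: 'public-token-placeholder',
  STORYBLOK_PREVIEW_TOKEN: 'preview-token-placeholder',
  STORYBLOK_PERSONAL_ACCESS_TOKEN: 'personal-token-placeholder',
};
console.log(resolveDeliveryConfig(sampleEnv));
```

Pass the returned `accessToken` to `storyblokInit` and `version` to `storyblokApi.get`, as in the SDK example earlier on this page.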

  

## Further resources

[Content Delivery API: Introduction](/docs/api/content-delivery/v2)

[Management API: Introduction](/docs/api/management)

[Management API: Access Tokens](/docs/api/management/access-tokens)

