Authentication

All management endpoints require Authorization: Bearer <token>. Tokens come in two flavours: sbmgmt_... (legacy, always admin) and sbmcp_... (role-scoped: admin / editor / viewer). Tokens are HMAC-hashed at rest — the plaintext is shown exactly once in the create-response.
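The storage scheme described above, as an added example (not the project's own code): only an HMAC digest of each token is persisted, and the legacy prefix always resolves to admin. The function names, the in-memory store, the server key and the token body format after the prefix are assumptions made for illustration.

```javascript
// Added example with hypothetical names; not the project's implementation.
const crypto = require("node:crypto");

// Assumption: a server-side HMAC key loaded from configuration (constructed value).
const SERVER_KEY = Buffer.from("constructed-demo-key-not-for-production");
// Stands in for the tokens table: hex digest -> { role }. No plaintext is kept.
const store = new Map();

const digest = (token) =>
  crypto.createHmac("sha256", SERVER_KEY).update(token).digest("hex");

// Issue a token. The plaintext is returned once to the caller; afterwards the
// server holds only the digest and cannot reproduce the token.
function issueToken(role, prefix = "sbmcp_") {
  if (!["admin", "editor", "viewer"].includes(role)) throw new Error("bad role");
  if (!["sbmcp_", "sbmgmt_"].includes(prefix)) throw new Error("bad prefix");
  // Assumption: 32 random bytes, base64url-encoded, after the prefix.
  const plaintext = prefix + crypto.randomBytes(32).toString("base64url");
  store.set(digest(plaintext), { role });
  return plaintext;
}

// Resolve an Authorization header to a role, or null when it is not valid.
function authenticate(header) {
  const m = /^Bearer (sb(?:mgmt|mcp)_[A-Za-z0-9_-]+)$/.exec(header || "");
  if (!m) return null;
  // Lookup is by digest, so a dump of the store yields nothing that can be
  // replayed as a bearer token without the server key.
  const row = store.get(digest(m[1]));
  if (!row) return null;
  // Legacy sbmgmt_ tokens are always admin; sbmcp_ tokens carry a stored role.
  return m[1].startsWith("sbmgmt_") ? "admin" : row.role;
}

// The audit log endpoint is admin-only.
function canReadAuditLog(header) {
  return authenticate(header) === "admin";
}
```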

POST /api/v1/spaces - Session cookie

Create a new space (session-auth).

Request
POST /api/v1/spaces
Content-Type: application/json
Cookie: better-auth.session_token=...

{"name": "Marketing Site"}

Response
{
  "space": { "id": 2, "name": "Marketing Site" },
  "tokens": {
    "public":  "sbpub_...",
    "preview": "sbprev_...",
    "private": "sbpriv_..."
  }
}

POST /api/v1/spaces/{spaceId}/stories - Bearer (Mgmt)

Create a story.

Request
POST /api/v1/spaces/1/stories
Authorization: Bearer sbmgmt_...

{
  "story": {
    "name": "Hello",
    "slug": "hello",
    "content": { "component": "page", "title": "Hello" }
  },
  "publish": 1
}

PUT /api/v1/spaces/{spaceId}/stories/{id} - Bearer (Mgmt)

Update a story — content replaces the previous content entirely.

POST /api/v1/spaces/{spaceId}/components - Bearer (Mgmt)

Create a component definition.

POST /api/v1/spaces/{spaceId}/import/storyblok - Bearer (Mgmt)

Import an existing Storyblok space (dry-run supported).

GET /api/v1/spaces/{spaceId}/audit_log - Bearer (Mgmt)

Append-only audit log — admin-only, no write endpoint.