Skip to main content
Settings access requires the admin or owner role. Users without these roles see an “Access denied” message.

API Keys

API keys provide programmatic access to the MDCMS API for external integrations, CI/CD pipelines, and scripts. Manage them at Settings > API Keys.

Creating a key

Click Create API Key and configure:
FieldDescription
LabelA human-readable name for the key (e.g., “CI Pipeline”, “Preview Deploy”)
ScopesWhich operations the key can perform (see table below)
Context allowlistRestrict the key to specific project/environment pairs
ExpirationOptional expiry date; keys without expiration remain active until revoked
After creation, the full key is displayed once. Copy it immediately — it cannot be retrieved again. All keys use the mdcms_key_ prefix.

Available scopes

ScopeDescription
content:readRead published content
content:read:draftRead draft content
content:writeCreate and update content
content:write:draftWrite draft content
content:publishPublish and unpublish documents
content:deleteDelete documents
schema:readRead schema definitions
schema:writeSync schema to the server
media:uploadUpload media files
media:deleteDelete media files
webhooks:readRead webhook configurations
webhooks:writeCreate and update webhooks
environments:cloneClone environment content
environments:promotePromote content between environments
migrations:runRun database migrations
projects:readRead project metadata
projects:writeUpdate project settings

Managing keys

The API Keys table shows all keys with their label, key prefix, assigned scopes, context restrictions, creation date, expiration, and status (Active, Expired, or Revoked). To disable a key, click Revoke. Revoked keys cannot be reactivated — create a new one instead.

Users & Roles

Manage team access at Users in the sidebar. This page lets you list users, send invitations, update roles, and remove team members.

Inviting users

1

Click Invite User

Opens a dialog with email, role, and optional folder prefix fields.
2

Enter the email address

The invitee receives an email with a link to accept the invitation.
3

Select a role

Choose Admin, Editor, or Viewer. The Owner role cannot be assigned via invitation.
4

Set a folder prefix (optional)

For Editor and Viewer roles, you can restrict access to content under a specific path (e.g., content/blog). Leave empty for full project access.
5

Send

The invitation appears in the Pending Invitations section until accepted or revoked.

Role capabilities

CapabilityViewerEditorAdminOwner
Read published contentYesYesYesYes
Read draft contentYesYesYesYes
Create documentsNoYesYesYes
Edit documentsNoYesYesYes
Publish / UnpublishNoYesYesYes
Delete documentsNoYesYesYes
Manage usersNoNoYesYes
Manage settingsNoNoYesYes
Manage environmentsNoNoYesYes
Read schemaNoNoYesYes
Transfer ownershipNoNoNoYes
Editors and Viewers can be scoped to a folder prefix. When a folder prefix is set (e.g., content/blog), the user can only access documents whose paths start with that prefix. This is useful for teams where different people own different content sections.Admins always have global scope and cannot be restricted to folders.

Managing existing users

From the user table, you can:
  • Edit role — Change a user’s role and folder prefix via the row action menu
  • Revoke sessions — Immediately invalidate all active sessions for a user
  • Remove user — Permanently remove the user from the project (with confirmation)
Owners cannot be removed. Ownership must be transferred first.

Schema Browser

The Schema Browser at /admin/schema provides a read-only view of all content types synced to the current project and environment. It shows:
  • Type name and directory path
  • Localization mode (Localized or Single locale)
  • Sync timestamp and schema hash
  • Field table for each type with:
    • Field name
    • Kind (string, number, boolean, enum, date, array, reference, object)
    • Required / Nullable status
    • Constraints (defaults, reference targets, enum options, validation checks)
The schema browser is useful for verifying that mdcms schema sync applied your latest type definitions correctly.
The schema is read-only in Studio. To change content type definitions, update your mdcms.config.ts file and run mdcms schema sync from the CLI.

Webhooks (post-MVP)

Webhook support will allow you to configure HTTP endpoints that receive notifications when content events occur.Planned configuration per webhook:
FieldDescription
URLThe endpoint to receive POST requests
EventsFilter which events trigger the webhook (e.g., content.published, content.updated, content.deleted)
SecretA shared secret for HMAC signature verification of webhook payloads
ActiveToggle to enable or disable the webhook without deleting it

Media Library (post-MVP)

The Media page at /admin/media will provide a library for managing uploaded files (images, documents, etc.) used in your content. This feature is under development.