We originally launched the Marble API using Workspace IDs in the URL for authorization. While this worked for getting started quickly, it wasn't ideal since Workspace IDs couldn't be rotated. Many of you requested a better way to authenticate, and we listened.
You can now make requests by passing your unique API key in the Authorization header. This is a much safer approach that allows you to rotate keys if they are ever compromised.
const response = await fetch("https://api.marblecms.com/v1/posts", {
headers: {
"Authorization": "Bearer YOUR_API_KEY"
}
});You can generate and manage API keys directly from your dashboard under Settings → API Keys.
Public keys are useful for read-only access, such as fetching published posts, categories, tags, authors, and media from a frontend or server-rendered site. Private keys unlock write access for trusted server-side code, including creating, updating, and deleting workspace resources through the API.
Keep private keys on the server and out of client-side bundles. If a key is exposed, rotate it from the dashboard.
Read more about authentication in our API documentation.