Permissions for Headless use of ContentBox

Hi everyone,

I am trying to use Contentbox as an headless CMS, so I have a client app on one domain (written in React / Next.js) and ContentBox on another domain.
My client app will only display the content hosted in Contentbox, but it should not be able to edit that content.
Looking at the permissions in ContentBox, I do not understand how I can create a user that only has the permission to consume the content (pages, blog entries, menus, etc), but that do NOT have the permission to Create, Edit, Delete such content (basically, I will only use the API’s GET endpoints).

The only thing I see in ContentBox are permissions of ADMIN_ and EDITOR_ types with the only difference being that Editors are not allows to delete content (from what understand). But both types of permissions have the ability to Create and Edit, which I do not want.
Does anyone know how I can make sure that the user hitting the API is only allowed to VIEW the content, but not to Edit / Create / Delete ?

Thanks a lot…

Hi @damienbkx that’s a great question!

I will need to verify this, because I do not know on top of my head. @jclausen any thoughts on this?