Allow querying drafts from Content API by id only

nbrempel · February 3, 2019, 7:27pm

Hello everyone,

As far as I can tell, it is not possible to query draft posts from the content API:

Request:

curl <url>/ghost/api/v2/content/posts/?key=<key>&status=draft

Result:

{
  "errors": [
    {
      "message": "You do not have permission to retrieve posts with that status",
      "errorType": "NoPermissionError"
    }
  ]
}

I have also tried using a filter, but filtering on status does not affect the results. Strangely, it does not respond with an error either. (Entering an invalid filter type, for instance, responds with an error.)

curl <url>/ghost/api/v2/content/posts/?key=<key>&filter=status%3Adraft

What I would like to propose is the ability to query for drafts via a read request but not browse.

With a sufficiently random (non enumerable) id, exposing draft content only for callers who posses the id should not be a significant risk to exposing draft content.

With this change, a request to /ghost/api/v2/content/posts/:uuid could return a draft post but draft posts would not be accessible by :slug or in a browse request.

I am interested in this feature because I am using Ghost as a “headless” backend alongside Gatsby and I would like to support viewing post previews.

Expecting the draft post’s UUID in the query would mean that the existing “View Preview” popup in the admin editor could be re-used to support previews in a Gatsby site as well.

This change should not be considered any less secure than the current implementation since it is already possible to visit the url /p/<:uuid>/ in the browser to view a preview.

If this is something that the Ghost team would be open to, I would be happy work on this feature.

Thanks for reading!

m1guelpf · February 3, 2019, 8:26pm

I also would love to have this, and I’m open to contribute if needed

nbrempel · February 16, 2019, 4:39pm

Just wanted to bump this topic to see if there is any interest by the Ghost maintainers to implement something like this?

adrianObel · October 31, 2019, 7:07pm

Has there been any movement on this?. Definitely a very useful feature that looks to be missing

adrianObel · November 14, 2019, 7:00pm

Adding to this - it would be great if we could change the URL of the preview link on admin

brianlovin · December 5, 2019, 1:16pm

Bumping as this would be a fantastic addition to those of us using the API to power external sites. Especially being able to make sure we’re rendering Ghost’s generated markdown appropriately before publishing would be a huge win.

shadycuz · December 22, 2019, 11:51am

I have the same use case. Would be nice to see Draft posts rendered before building and deploying the static site.

top_hat · January 23, 2020, 10:09am

How is this not an option already? Surprising me as we need it also.

BenGale · January 25, 2020, 11:08am

This would be very helpful, so we can check things are looking correct on our site before publishing.

DavidDarnes · March 12, 2020, 10:17am

Hey all,

It is possible to query for draft posts, but you’ll need to use the Admin API rather than the Content API. Recently Next.js introduced ‘previews’ which should work very nicely with Ghost drafts, check it out:

Topic		Replies	Views
Preview article using Ghost REST API? Developer help	6	1427	August 20, 2018
How to get all drafts data using content API? Developer help	18	430	February 1, 2024
Connect ghsot with gatsbyjs to get all posts Developer help	1	374	April 3, 2020
[Feature] Add User query to gatsby-source-ghost Developer help	2	498	March 22, 2020
How to support gatsby preview with Ghost? Developer help	4	720	September 16, 2020

Allow querying drafts from Content API by id only

Related topics