Allow querying drafts from Content API by id only

Hello everyone,

As far as I can tell, it is not possible to query draft posts from the content API:

Request:

curl <url>/ghost/api/v2/content/posts/?key=<key>&status=draft

Result:

{
  "errors": [
    {
      "message": "You do not have permission to retrieve posts with that status",
      "errorType": "NoPermissionError"
    }
  ]
}

I have also tried using a filter, but filtering on status does not affect the results. Strangely, it does not respond with an error either. (Entering an invalid filter type, for instance, responds with an error.)

curl <url>/ghost/api/v2/content/posts/?key=<key>&filter=status%3Adraft

What I would like to propose is the ability to query for drafts via a read request but not browse.

With a sufficiently random (non enumerable) id, exposing draft content only for callers who posses the id should not be a significant risk to exposing draft content.

With this change, a request to /ghost/api/v2/content/posts/:uuid could return a draft post but draft posts would not be accessible by :slug or in a browse request.

I am interested in this feature because I am using Ghost as a “headless” backend alongside Gatsby and I would like to support viewing post previews.

Expecting the draft post’s UUID in the query would mean that the existing “View Preview” popup in the admin editor could be re-used to support previews in a Gatsby site as well.

This change should not be considered any less secure than the current implementation since it is already possible to visit the url /p/<:uuid>/ in the browser to view a preview.


If this is something that the Ghost team would be open to, I would be happy work on this feature.

Thanks for reading!

I also would love to have this, and I’m open to contribute if needed :smile:

1 Like

Just wanted to bump this topic to see if there is any interest by the Ghost maintainers to implement something like this?

Has there been any movement on this?. Definitely a very useful feature that looks to be missing

Adding to this - it would be great if we could change the URL of the preview link on admin

Bumping as this would be a fantastic addition to those of us using the API to power external sites. Especially being able to make sure we’re rendering Ghost’s generated markdown appropriately before publishing would be a huge win.

I have the same use case. Would be nice to see Draft posts rendered before building and deploying the static site.

How is this not an option already? Surprising me as we need it also.

This would be very helpful, so we can check things are looking correct on our site before publishing.

Hey all,

It is possible to query for draft posts, but you’ll need to use the Admin API rather than the Content API. Recently Next.js introduced ‘previews’ which should work very nicely with Ghost drafts, check it out:

1 Like