Before asking the question, it is important to explain a bit about my setup.
I have a frontend website which is in react.
I have a backend which is nestjs based. Only authenticated users can access /blog, which has articles fetched from ghost and rendered through react.
I have ghost running on a container, and I am accessing it from my backend through its hostname (container name), and only authenticated users can hit the API.
I want to create a subscribe to newsletter form on my frontend, which takes people’s email and subscribes them to the newsletter. Let’s say I have created one newsletter for each tag - programming, tech-news, all etc. What I want to do is, I want users to be able to select from existing newsletters and they should get the newsletter for that particular newsletter only.
For that, I tried to first hit the endpoint given under the admin api section of the ghost documentation, but it gave me a 403 forbidden error. Here’s the command that I hit.
My ghost runs at 8040. I am just trying to see what data I get if I hit this. The admin api key won't be exposed to the frontend, it should be available on the backend, that too from a .env file. Imagine it to be coming from something like /backend/api/all-newsletter
The URL is correct. Can you show us the code you use in your backend to send the request?
Also, keep in mind that Ghost specifically mentions that newsletters have issues in headless mode:
If you use Ghost’s built-in newsletter functionality, unsubscribe links in emails will point to the Ghost origin - and these URLs will break if redirected.
Hi. Actually I have not implemented the backend (for this route) so there’s no functionality that is being handled. The URL you see directly communicates with the ghost container that I have spun up using docker-compose.
P.S: I am right now trying to access ghost directly through postman, and I am getting a forbidden error (403). I have not introduced the backend yet.
I initially tried the link in my browser. It worked there. As it turns out, that was due to my admin cookie being present in the browser.
When I tried it in RapidAPI (similar to Postman), I encountered the same error as you. However, the context that is returned is pretty clear, I think:
Unable to determine the authenticated user or integration. Check that cookies are being passed through if using session authentication.
The key property in the URL is irrelevant for the admin API. That method only works for the content API (same endpoint exists there). The admin API always needs to be authenticated properly:
You have a choice of different authentication methods and I’d argue that the token authentication is the easiest for your use case. The admin API key you see in the Ghost backend cannot be used directly though. You’ll need to use the information in there to generate a JWT, as outlined in the documentation I linked above.
It makes total sense. I will implement some way on my backend to generate the jwt token and then send a request to ghost along with the updated headers. I really appreciate your help to guide me to the solution.
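The token authentication discussed in this thread, as an added example that is not code from any of the posters or from the Ghost project: a dependency-free Node.js helper a backend could use to turn the Admin API key into a short-lived JWT and call the newsletters endpoint. The function names, the `baseUrl` parameter and the `GHOST_ADMIN_API_KEY` variable are assumptions made for illustration; the key format, the `/admin/` audience and the `Ghost` authorization scheme follow Ghost's Admin API documentation.

```javascript
// Added example: builds the short-lived JWT that Ghost's Admin API expects.
// Runs server-side only (e.g. inside the NestJS backend), never in the browser.
const { createHmac } = require('node:crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

// adminApiKey has the form "<id>:<hex secret>", as shown for a custom integration.
function ghostAdminToken(adminApiKey, nowSeconds = Math.floor(Date.now() / 1000)) {
  const [id, secret, ...rest] = String(adminApiKey).split(':');
  // Fail closed on a malformed key instead of signing with a truncated secret.
  if (!id || rest.length || !/^(?:[0-9a-f]{2})+$/i.test(secret || '')) {
    throw new Error('Admin API key must look like "<id>:<hex secret>"');
  }
  const header = { alg: 'HS256', typ: 'JWT', kid: id };
  // Ghost rejects tokens valid for more than 5 minutes; mint one per request.
  const payload = { iat: nowSeconds, exp: nowSeconds + 5 * 60, aud: '/admin/' };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  // The secret is hex-encoded and must be decoded to raw bytes before signing.
  const signature = createHmac('sha256', Buffer.from(secret, 'hex'))
    .update(signingInput)
    .digest('base64url');
  return `${signingInput}.${signature}`;
}

// baseUrl is hypothetical, e.g. "http://ghost:8040" for a container named "ghost".
async function listNewsletters(baseUrl, adminApiKey = process.env.GHOST_ADMIN_API_KEY) {
  const res = await fetch(`${baseUrl}/ghost/api/admin/newsletters/`, {
    headers: { Authorization: `Ghost ${ghostAdminToken(adminApiKey)}` },
  });
  if (!res.ok) throw new Error(`Ghost Admin API returned ${res.status}`);
  return (await res.json()).newsletters;
}
```

The backend route would return only the fields the form needs (for example newsletter names and ids) rather than proxying the raw Admin API response to the frontend.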