We started out using Prismic as a totally public repository, but now we are looking into locking it down.
Is the API access level applied globally across the board to all Documents? Meaning if I set the access to Private, I will have to provide an access token to access all documents?
What about Media? We use the Prismic Media uploads to manage assets for both our public facing website, and our internal sites. Will our Media still be publicly accessible (for example, as image "src" tags on our website), or will they go private as well?
I think what we really need is the ability to have some content be truly public, with other content private. How are others managing this? Is this supported somehow?
I believe the decision to make the repo private is binary. I don't believe you can specify what in the repo is private and what is not. I suppose a possibility would be to make two repos in Prismic so you can have one that's public and one that's not.
Thanks. That's what I worried. I will look into the pricing model and see if this is an option for us.
Private repos will only mean that people won't be able to hit your content through the public API without an access token. Any assets will still be public if someone has the URL to those assets. If you want to have some sort of membership access, you would need to configure that in your web application.
Oh, interesting! And by "Assets" here, you mean "media" assets, right? Images and PDFs that we have uploaded into our "Media" area of Prismic, for example.
Our "Documents" content (instances of our custom types, both repeating and single) won't be accessible without an API token, will they?
That's right, you've understood correctly in both cases.
Thank you for clarifying that. I think we can work with that. Appreciate the responses.