Contentful logo

Contentful Community

Nested Category Browser Contentful UI Extension

This extension lets you display a nested tree of categories with checkboxes to display and edit which categories are selected.

Details and instructions for use can be found here:


Nice work!

Why are you using contentful.createClient to getting entries when you can use directly the extension with

This new approach removes the need to insert deliveryToken in the code, that is a bad practice.


I do it for 2 reasons:

  • to get the full tree of categories
  • to allow for workflow around categories (i.e., only get the published categories, not any draft ones)

The call uses the management API which does not do nested link resolution.

I realize having the delivery API token in the UI extension might be a security concern but in most cases the delivery token is already exposed publicly.

Hi there,

Felipe from Contentful’s Security Team here.

As much as the Delivery API Token is by definition a token, developers make their own decision on how to use them. If content is being delivered directly to the end user via their browser, then it is necessary to insert the token in the code. Other customers wrap the code in our SDK and deliver only readily consumable content to the end user’s browser.

A way to minimize the risk is to create a specific Content Delivery API key for that, which you can revoke at any time. The content that this key has access is deemed public.

The token that you should never ever share is the personal access token (PAT), which is individual per user and should only be used for management.



Would this work on Menus as well?

A menu would need a label/value pair. e.g.:
Label : Home