Preview sessions
Choose a perspective and handle short-lived preview authorization.
Preview sessions are short-lived, read-only contexts for Draft or Release content. Published comparison uses ordinary published delivery, not a Published session.
Valid creation inputs
Draft requires an entity/type pair and forbids a Release:
{
"targetId": "TARGET_ID",
"perspective": "DRAFT",
"entityId": "ENTRY_ID",
"typeId": "TYPE_ID",
"languageId": "LOCALE_ID"
}
Release requires a Release ID. An optional entity and type must appear together:
{
"targetId": "TARGET_ID",
"perspective": "RELEASE",
"releaseId": "RELEASE_ID",
"entityId": "ENTRY_ID",
"typeId": "TYPE_ID"
}
Only Open, Scheduled, and Failed Releases are eligible. Failed Release preview is read-only.
A successful creation returns a jp_boot_… code, target URL, origin, perspective, expiry, and canEdit. Exchange the code once within 60 seconds; the resulting Preview Bearer lasts 30 minutes.
Access
Session creation checks each action independently:
previewTarget.readfor the target;previewSession.createfor every applicable Data Type;content.readfor each applicable Data Type and requested locale;release.readfor every Release item Data Type, or Backend-level Release access when empty;term.readVocabulary and locale scope determines which Terms can resolve.
content.update for the focused Data Type and locale sets canEdit; it does not grant mutation through Delivery. Revoking a session requires previewSession.revoke with matching scope.
Live checks
Jetrepo rechecks the target, Backend, Release state, actor permissions, Data Types, locales, and Vocabularies during use. Expiry, revocation, permission narrowing, target disable/delete, or an invalid Release context stops later requests.
Do not combine a delivery key and Preview Bearer. A Preview session never grants publish or mutation access.