Model public content for a published property

Why public content is modeled separately

MinuteWork separates private runtime behavior from intentionally published public delivery.

That means docs, marketing pages, blogs, and other anonymous surfaces should read from a public-safe snapshot contract, not from raw runtime database tables and not from browser-held credentials.

This is how MinuteWork keeps three things true at once:

• private drafts can stay private
• preview can still show unpublished work safely
• live pages can be generated from a publication-safe boundary

Start with the snapshot contract

Public documentation and other anonymous surfaces should read from a public-safe snapshot contract, not from raw runtime database tables and not from browser-held credentials.

Required server-side configuration

For the combined tenant-app starter and similar public surfaces, the important environment variables are:

• MW_CONTENT_API_TOKEN for server-only authentication
• MW_PUBLIC_BASE_URL for canonical URLs and SEO metadata
• MW_PUBLIC_SITE_PROPERTY_KEY for selecting the PublishedWebProperty
• MW_PUBLIC_SITE_ENV for choosing preview or live

Keep the token on the server only. The browser should never receive the content token used to fetch the snapshot.

Preview versus live

A safe rendering rule

Use this rule everywhere public content is rendered:

1. fetch the snapshot on the server
2. keep the token server-only
3. treat preview as draft-safe and live as publication-safe
4. derive canonical URLs from MW_PUBLIC_BASE_URL

Where this fits in the architecture

This guide sits on top of the broader platform model:

• private drafts and workflow state stay with the Server runtime
• published web surfaces read from an explicit public contract
• preview and live remain different trust levels even when the page tree is the same

Read next