Skip to main content
J
JavedZi
Level 2
April 29, 2026
Question

How to make REST API Call {GET & POST} from AEM author using OAuth

  • April 29, 2026
  • 2 replies
  • 68 views

I have a situation where i need to make an AEM author post call from my OSGI Service, now we need some authentication to make this call , i tried with basic auth and it works absolutely fine. But i am looking for more secure option like by using bearer token and upon researching i found out we can use OAuth since JWT is deprecated. But after setting up OAuth i am getting 403 Forbidden from my api call response, earlier i used to get 401 unauthorized. Can someone suggest what should be the ideal setup for making AEM API calls using OAuth, it seems i have set it up incorrectly.

2 replies

S
Adobe Employee
SubbaraoGa1Adobe Employee
Adobe Employee
April 30, 2026

@JavedZi 

Assuming you are on AEM as a Cloud Service and calling an OpenAPI-based AEM Author API over HTTP from your OSGi service: the right external auth model is OAuth Server-to-Server. A move from 401 to 403 usually means your token is now being accepted, but the request is still not authorized for that API/environment/profile.
If your OSGi service is running inside the same AEM instance and only needs repository access, the better pattern is not HTTP + OAuth at all — use a service user with ResourceResolverFactory.getServiceResourceResolver(...).
Sources:

J
JavedZiAuthor
Level 2
May 2, 2026

Hi ​@SubbaraoGa1  Thanks for the reply , actually I am making an AEM servlet call to author instance from publisher instance to write logs in AEM Author DAM , hence i believe i need to use HTTP call only since both author and publisher are running on different JVM’s

S
Adobe Employee
SubbaraoGa1Adobe Employee
Adobe Employee
May 4, 2026

@JavedZi 

Since this is a Publish-to-Author call to a custom AEM servlet, an HTTP call is expected because Publish and Author are separate AEM instances. However, because the target is a custom servlet rather than an OpenAPI-based AEM API, the recommended authentication pattern is AEM Developer Console service credentials / server-side token generation, not Adobe Developer Console OAuth Server-to-Server for OpenAPI APIs.

The 403 Forbidden response usually indicates that authentication is now happening, but the resulting technical account does not yet have the required DAM write permissions on Author.

Terms & ConditionsAccessibility statement

Loading footer...