Adobe Experience Manager Sites & More

Securing content for GraphQL queries by Aanchal Sikka

Abstract

The Adobe Experience Manager as a Cloud Service (AEM) GraphQL API for Content Fragment Delivery serves as a crucial solution for accepting external queries from third-party applications or services. The main objective is to enable secure headless content delivery by facilitating authenticated API access for remote queries.

This can be achieved by using Access Tokens for accessing GraphQL end-points.

Scenarios:
There are various scenarios for accessing an application:

Consistent access setup: This involves a configuration where permissions remain relatively stable and do not change frequently.
Dynamic access setup: In this scenario, authors have the ability to control access to specific folders. This approach is commonly implemented in conjunction with Closed User Groups (CUG) to provide granular access control.
In the following sections, we will explore both approaches. While the majority of the steps remain the same, there are some variations. For the “Consistent Access Set up,” you can bypass the “Setting up CUG” section and proceed directly to the “Generate Service Credentials” step.

1. Setting up CUG for access restrictions
CUG (Closed User Group) and permission-sensitive caching are essential features in Adobe Experience Manager (AEM) for enhancing content security and optimizing performance. CUG allows business-administrators to define access restrictions, ensuring that only authorized users can view and interact with specific content. Permission-sensitive caching leverages this information to intelligently cache and deliver content based on user permissions, resulting in faster page rendering and reduced server load. By combining CUG and permission-sensitive caching, AEM provides a robust solution that enhances content security while optimizing performance for authenticated users.

Read Full Blog

Securing content for GraphQL queries

Q&A

Please use this thread to ask the related questions.