Expand my Community achievements bar.

AEM Headless authentication in Publish Environment

Avatar

Level 1
Level 1
2/4/25 8:50:01 PM

At Present, We use content fragments in AEM and we have multiple team consume CF using assets API.
I noticed that in my environment, the api request to author instance  requires authentication whereas request exposed by the publish instance are served without authentication. 
I need to expose the api through the dispatcher to internet but I would like to be authentication protected. What does adobe recommended solution for this implementation? 

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

Experience Manager Experience Manager as a Cloud Service Headless

Views

367

Replies

7
Sign in to like this content

Total Likes

Translate
Translate
7 Replies

Avatar

Community Advisor
Community Advisor
2/6/25 4:24:44 AM

Hi @DhinuBa 

 

The recommendation is to use the new OpenAPI based apis. Please refer this documentation for the list of available APIs - https://developer.adobe.com/experience-cloud/experience-manager-apis/

 

This also covers your concern for the authentication. Hope this helps!

 

Thanks

Narendra

Views

325

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
2/6/25 4:42:13 AM

Hi @DhinuBa ,

 

These 3 simple steps would help you to expose API to 3rd party consumers or your SPA FE.

Step 1: Expose API via Dispatcher

Step 2: Require Authentication via OAuth/JWT

Step 3: Implement Token Validation in AEM

Refer these links for more details

https://experienceleague.adobe.com/en/docs/events/adobe-developers-live-recordings/2021/feb2021/api-... 

Once its all done, You will need to create Content Fragments suitable for API Delivery, Here is the API Schema that helps https://developer.adobe.com/experience-cloud/experience-manager-apis/api/experimental/sites/delivery... 

 

Hope this helps,

Thanks,

Aditya Chabuku

Views

323

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
2/7/25 12:16:25 PM
In response to Aditya_Chabuku

This works fine for author. When it comes to publisher, it works even without authentication. Our use case is, we should not allow to retrieve content without authorization in publisher as well.

Views

287

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Administrator
Administrator
2/10/25 2:48:49 AM

@DhinuBa Did you find the suggestions helpful? Please let us know if you need more information. If a response worked, kindly mark it as correct for posterity; alternatively, if you found a solution yourself, we’d appreciate it if you could share it with the community. Thank you!



Kautuk Sahni

Views

245

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
2/20/25 8:26:06 AM

Hi @DhinuBa ,
Did you find any solution for this issue?

Views

140

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
2/20/25 8:28:32 AM
In response to Karthik_2

No, Still I am looking for a solution

Views

132

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
2/20/25 8:38:26 AM
In response to DhinuBa

Checkout this doc, where it says content can be protected using CUGs, 
Protected content in AEM Headless | Adobe Experience Manager

Views

125

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
localsetup setup Headless & GraphQL error Solved

Views

481

Likes

0

Replies

3
How can we get the count of total results in GraphQL Solved

Views

1.1K

Likes

0

Replies

7
How to redirect request without losing query string aem dispatcher Solved

Views

732

Likes

0

Replies

3
How to use data-sly-use in SPA React for content fragments? Solved

Views

632

Likes

0

Replies

2
AEM React hybrid approach (Normal AEM + SPA Component use together) Solved

Views

920

Likes

0

Replies

3