Hi,
We are exposing HTML , CSS and JS to third party applications within same domain. Can you please suggest API security we can implement to prevent it from accessing .
AEM by default is not allowing AJAX from other domain. But it can be accessed anywhere through browser directly.
Thanks,
Poovitha S
Views
Replies
Total Likes
The preferred way to put security If you are using Cloud version is to use token-based authentication: https://experienceleague.adobe.com/docs/experience-manager-learn/getting-started-with-aem-headless/a... , and if you are using AEM on premise you should use oauth2.0: https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4...
Hello @PoovithaSelvaraj -
Here are some security considerations that you may consider :