Assets API CRUD operations

Forum|Forum|4 years ago
April 15, 2021
2 replies
1105 views

Hi All,

We want to use Assets API to only expose Content Fragments as JSON and not allow Create, update and delete operation.

What is the best way to block these operation? Add DENY rule in dispatcher filter on POST method for /api/assets path or any other options available?

Appreciate inputs.

Thanks.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Asutosh_Jena_

Community Advisor

Hi @antony6790

You can block all the request by default and allow only the GET requests with /api/assets path and JSON as the extension.

This will ensure only fetching the asset details/retrieval of asset is allowed whereas rest all operations are blocked.

/0001 { /type "deny" /glob "*"}
/000X #other rules are here for website
/0003 { /type "allow" /method "GET" /url "/api/assets/*" /extension 'json' } #whatever path it is.

Thanks!

joerghoh

Adobe Employee

Are ACLs on the asset an option?

A

Antony6790Author

We are trying to expose CF from Publisher using a separate dispatcher domain. We want to restrict at dispatcher itself before even reaching publisher.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded