Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Adobe Summit 2023 [19th to 23rd March, Las Vegas and Virtual] | Complete AEM Session & Lab list

Assets API CRUD operations

Avatar

Level 2

Hi All,

 

We want to use Assets API to only expose Content Fragments as JSON and not allow Create, update and delete operation.

 

What is the best way to block these operation? Add DENY rule in dispatcher filter on POST method for /api/assets path or any other options available?

 

Appreciate inputs.

 

Thanks.

0 Replies

Avatar

Community Advisor

Hi @Antony6790 

 

You can block all the request by default and allow only the GET requests with /api/assets path and JSON as the extension.

This will ensure only fetching the asset details/retrieval of asset is allowed whereas rest all operations are blocked.

 

/0001 { /type "deny" /glob "*"}
/000X #other rules are here for website
/0003 { /type "allow" /method "GET" /url "/api/assets/*" /extension 'json' } #whatever path it is.

 

Thanks!

Avatar

Level 2
We are trying to expose CF from Publisher using a separate dispatcher domain. We want to restrict at dispatcher itself before even reaching publisher.

The ultimate experience is back.

Join us in Vegas to build skills, learn from the world's top brands, and be inspired.

Register Now