Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Assets API CRUD operations

Avatar

Avatar
Boost 3
Level 2
Antony6790
Level 2

Likes

3 likes

Total Posts

21 posts

Correct Reply

1 solution
Top badges earned
Boost 3
Ignite 1
Give Back
Boost 1
Affirm 1
View profile

Avatar
Boost 3
Level 2
Antony6790
Level 2

Likes

3 likes

Total Posts

21 posts

Correct Reply

1 solution
Top badges earned
Boost 3
Ignite 1
Give Back
Boost 1
Affirm 1
View profile
Antony6790
Level 2

14-04-2021

Hi All,

 

We want to use Assets API to only expose Content Fragments as JSON and not allow Create, update and delete operation.

 

What is the best way to block these operation? Add DENY rule in dispatcher filter on POST method for /api/assets path or any other options available?

 

Appreciate inputs.

 

Thanks.

Replies

Avatar

Avatar
Affirm 100
Level 10
asutosh_jena
Level 10

Likes

372 likes

Total Posts

474 posts

Correct Reply

134 solutions
Top badges earned
Affirm 100
Ignite 1
Establish
Give Back 50
Give Back 5
View profile

Avatar
Affirm 100
Level 10
asutosh_jena
Level 10

Likes

372 likes

Total Posts

474 posts

Correct Reply

134 solutions
Top badges earned
Affirm 100
Ignite 1
Establish
Give Back 50
Give Back 5
View profile
asutosh_jena
Level 10

15-04-2021

Hi @Antony6790 

 

You can block all the request by default and allow only the GET requests with /api/assets path and JSON as the extension.

This will ensure only fetching the asset details/retrieval of asset is allowed whereas rest all operations are blocked.

 

/0001 { /type "deny" /glob "*"}
/000X #other rules are here for website
/0003 { /type "allow" /method "GET" /url "/api/assets/*" /extension 'json' } #whatever path it is.

 

Thanks!

Avatar

Avatar
Coach
Employee
Jörg_Hoh
Employee

Likes

1,081 likes

Total Posts

3,121 posts

Correct Reply

1,061 solutions
Top badges earned
Coach
Give back 600
Ignite 5
Ignite 3
Ignite 1
View profile

Avatar
Coach
Employee
Jörg_Hoh
Employee

Likes

1,081 likes

Total Posts

3,121 posts

Correct Reply

1,061 solutions
Top badges earned
Coach
Give back 600
Ignite 5
Ignite 3
Ignite 1
View profile
Jörg_Hoh
Employee

15-04-2021

Are ACLs on the asset an option?

Avatar

Avatar
Boost 3
Level 2
Antony6790
Level 2

Likes

3 likes

Total Posts

21 posts

Correct Reply

1 solution
Top badges earned
Boost 3
Ignite 1
Give Back
Boost 1
Affirm 1
View profile

Avatar
Boost 3
Level 2
Antony6790
Level 2

Likes

3 likes

Total Posts

21 posts

Correct Reply

1 solution
Top badges earned
Boost 3
Ignite 1
Give Back
Boost 1
Affirm 1
View profile
Antony6790
Level 2

15-04-2021

We are trying to expose CF from Publisher using a separate dispatcher domain. We want to restrict at dispatcher itself before even reaching publisher.