SOLVED
Can the Assets HTTP API be used via public domain for Content Fragment?
1 Accepted Solution
Correct answer by
Hi @baoyu_li ,
It depends on business requirement whether you want to keep your Asset API for GET operation as open public API (without authentication, just think of an ecommerce application, where you want to get all data of products/catalog and you do not want to restrict with authentication ), in that case the GET calls can be just made public.
If the Assets REST API is used within an environment without specific authentication requirements, AEM’s CORS filter needs to be configured correctly.
In another case, when you want to have authentication in place before any CRUD operation (for PUT, POST DELETE there will/should always be authentication though) then you will put security in place. as per documentation, multiple options are possible and OAuth is proposed.
Check this video if it helps-
https://www.youtube.com/watch?v=Yn7ybOwfIYY
Reference-
Correct answer by
Hi @baoyu_li ,
It depends on business requirement whether you want to keep your Asset API for GET operation as open public API (without authentication, just think of an ecommerce application, where you want to get all data of products/catalog and you do not want to restrict with authentication ), in that case the GET calls can be just made public.
If the Assets REST API is used within an environment without specific authentication requirements, AEM’s CORS filter needs to be configured correctly.
In another case, when you want to have authentication in place before any CRUD operation (for PUT, POST DELETE there will/should always be authentication though) then you will put security in place. as per documentation, multiple options are possible and OAuth is proposed.
Check this video if it helps-
https://www.youtube.com/watch?v=Yn7ybOwfIYY
Reference-
