Can the Assets HTTP API be used via public domain for Content Fragment?

Avatar

Avatar
Give Back
Level 1
baoyu_li
Level 1

Like

1 like

Total Posts

10 posts

Correct reply

0 solutions
Top badges earned
Give Back
Applaud 5
Boost 1
View profile

Avatar
Give Back
Level 1
baoyu_li
Level 1

Like

1 like

Total Posts

10 posts

Correct reply

0 solutions
Top badges earned
Give Back
Applaud 5
Boost 1
View profile
baoyu_li
Level 1

18-06-2021

Hi all,

 

Is it a correct way to use Assets HTTP API via public domain for Content Fragment delivery such as below?

https://my.site.com/api/assets/myapplication/folder/cftest.json

 

If so, what kind of security configuration is required to be able to do it?

Thanks in advance.

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Boost 5
Level 7
Ritesh_M
Level 7

Likes

179 likes

Total Posts

142 posts

Correct reply

45 solutions
Top badges earned
Boost 5
Boost 3
Boost 1
Applaud 5
Affirm 1
View profile

Avatar
Boost 5
Level 7
Ritesh_M
Level 7

Likes

179 likes

Total Posts

142 posts

Correct reply

45 solutions
Top badges earned
Boost 5
Boost 3
Boost 1
Applaud 5
Affirm 1
View profile
Ritesh_M
Level 7

18-06-2021

Hi @baoyu_li ,

 

It depends on business requirement whether you want to keep your Asset API for GET operation as open public API (without authentication, just think of an ecommerce application, where you want to get all data of products/catalog and you do not want to restrict with authentication ), in that case the GET calls can be just made public.

If the Assets REST API is used within an environment without specific authentication requirements, AEM’s CORS filter needs to be configured correctly.

 

In another case, when you want to have authentication in place before any CRUD operation (for PUT, POST DELETE there will/should always be authentication though) then you will put security in place. as per documentation, multiple options are possible and OAuth is proposed.

 

Check this video if it helps-

https://www.youtube.com/watch?v=Yn7ybOwfIYY

Reference-

https://experienceleague.adobe.com/docs/experience-manager-65/assets/extending/assets-api-content-fr...

Answers (0)