Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Consume AEM XF externally

Avatar

Level 3

Using AEMaaCS, we have created and published an experience fragment to be consumed by an external site. 

 

We have generated local development credentials and using Postman, have authenticated with the author instance and retrieved the XF content without issue.

Attempting to reuse the same postman request, replacing author with publish url, the request fails (403 - forbidden response). 

 

What is needed to retrieve the content from publish?

Aside from adding allow filter for XF path to filters.any what other configuration might be required for dispatcher config?

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

It's not best practice to have external website's access your publishers or authors, rather to expose the content via at the dispatcher. You can enable the new path of /content/experience-fragments/* in the filters within the dispatcher rules, so public requests can resolve 200OK to the experience-fragment resources. When the XF is served from the dispatcher, it will be more performant, given that the the experience fragment data can be accessed by .html or .json, which will be cached by the webserver and CDN level. If you do this, you will reduce server-load on your precious AEM author and publisher servers, and subsequent requests would serve the cached version of that particular XF.

XF = experience fragments.

View solution in original post

4 Replies

Avatar

Community Advisor

@campaignap:

In postman , I hope you have selected the Authrorization type as "Basic Auth" and you are providing the credentials which are exist in Publisher as well.

 

Thanks 

Siva

Thanks,
Siva

Avatar

Correct answer by
Community Advisor

It's not best practice to have external website's access your publishers or authors, rather to expose the content via at the dispatcher. You can enable the new path of /content/experience-fragments/* in the filters within the dispatcher rules, so public requests can resolve 200OK to the experience-fragment resources. When the XF is served from the dispatcher, it will be more performant, given that the the experience fragment data can be accessed by .html or .json, which will be cached by the webserver and CDN level. If you do this, you will reduce server-load on your precious AEM author and publisher servers, and subsequent requests would serve the cached version of that particular XF.

XF = experience fragments.

Avatar

Level 3

Thanks for the response @BrianKasingli. The intention is to serve content via the dispatcher url.

 

We have allowed the path /content/experience-fragments/* however when accessing via dispatcher url - 403 (forbidden response) is returned hence I am trying to work backwards, verifying authorization against publish then dispatcher.  

Avatar

Community Advisor

Hello @campaignap 

 

Once the Service credentials are generated, in case of Author, a user matching the tech account credential would have been created. You might have also added access to this user.

 

Can you try executing the same steps on publish? Replicate the user or create user via netcentric tool or repoinit scripts. Then assign access.

 

Please try using dispatcher URL instead of publish URL, once the access issue is resolved, It would provide caching benefits as well


Aanchal Sikka