Using AEMaaCS, we have created and published an experience fragment to be consumed by an external site.
We have generated local development credentials and using Postman, have authenticated with the author instance and retrieved the XF content without issue.
Attempting to reuse the same postman request, replacing author with publish url, the request fails (403 - forbidden response).
What is needed to retrieve the content from publish?
Aside from adding allow filter for XF path to filters.any what other configuration might be required for dispatcher config?
Solved! Go to Solution.
Views
Replies
Total Likes
It's not best practice to have external website's access your publishers or authors, rather to expose the content via at the dispatcher. You can enable the new path of /content/experience-fragments/* in the filters within the dispatcher rules, so public requests can resolve 200OK to the experience-fragment resources. When the XF is served from the dispatcher, it will be more performant, given that the the experience fragment data can be accessed by .html or .json, which will be cached by the webserver and CDN level. If you do this, you will reduce server-load on your precious AEM author and publisher servers, and subsequent requests would serve the cached version of that particular XF.
XF = experience fragments.
In postman , I hope you have selected the Authrorization type as "Basic Auth" and you are providing the credentials which are exist in Publisher as well.
Thanks
Siva
It's not best practice to have external website's access your publishers or authors, rather to expose the content via at the dispatcher. You can enable the new path of /content/experience-fragments/* in the filters within the dispatcher rules, so public requests can resolve 200OK to the experience-fragment resources. When the XF is served from the dispatcher, it will be more performant, given that the the experience fragment data can be accessed by .html or .json, which will be cached by the webserver and CDN level. If you do this, you will reduce server-load on your precious AEM author and publisher servers, and subsequent requests would serve the cached version of that particular XF.
XF = experience fragments.
Thanks for the response @BrianKasingli. The intention is to serve content via the dispatcher url.
We have allowed the path /content/experience-fragments/* however when accessing via dispatcher url - 403 (forbidden response) is returned hence I am trying to work backwards, verifying authorization against publish then dispatcher.
Hello @campaignap
Once the Service credentials are generated, in case of Author, a user matching the tech account credential would have been created. You might have also added access to this user.
Can you try executing the same steps on publish? Replicate the user or create user via netcentric tool or repoinit scripts. Then assign access.
Please try using dispatcher URL instead of publish URL, once the access issue is resolved, It would provide caching benefits as well