Adobe Experience Manager Sites & More

sreenu539 · 10/27/23

Hi,

I have an apigee api end point which require api key, oauth token to make a post request from client library js.

Could any one share their experience on how to achieve this.

Where to store client id / consumer key, consumer secret if I need to get oauth token first ?

Thanks for any insights.

sherinregi · 10/30/23

Its not recommended to store the client id/ secret in client side because it can be easily exploitable and extracted from dev tools.

My suggestion would be a two step approach where you have a BE call a servlet that can inturn fetch you the oauth token using the ID and secret stored in BE. This token can be stored in client side based on the expiration time and can be used to make the apigee request.

At the apigee side you can configure rate limit to ensure you are not getting too many requests and also restrict the endpoint usage to certain domain probably your website to make sure invalid requests are blocked.

Hope it helps

View solution in original post

sherinregi · 10/30/23

Hi @sreenu539

Its not recommended to store the client id/ secret in client side because it can be easily exploitable and extracted from dev tools.

My suggestion would be a two step approach where you have a BE call a servlet that can inturn fetch you the oauth token using the ID and secret stored in BE. This token can be stored in client side based on the expiration time and can be used to make the apigee request.

At the apigee side you can configure rate limit to ensure you are not getting too many requests and also restrict the endpoint usage to certain domain probably your website to make sure invalid requests are blocked.

Hope it helps

Adobe Experience Manager Sites & More

consuming apigee api through oauth in aem application

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe