Requirement- we hv an API which is built on AEM and migration user want to access that API that points to author server. we have used the sling servlet to build the API what kind of authorization and authentication should i pass in the servlet so that user can use that API from outside. Please share some example to achieve this .
Hi,
If you are using AEMaaCS, you could utilize Service Credentials, which is a token-based authentication method. This is well-detailed here: https://experienceleague.adobe.com/en/docs/experience-manager-learn/getting-started-with-aem-headless/authentication/service-credentials and here: https://techrevel.blog/2023/09/06/access-restricted-resources-on-aemaacs-with-java-and-service-accounts/.
If you are not using AEMaaCS, then the method you choose depends on how secure you need it to be. You could opt for a Basic Authentication method, where a username and password are sent across with the request. While this approach is not the best nor recommended, it can be acceptable for controlled activities within a specific timeframe, assuming no security breaches are expected. Here is an example: https://sourcedcode.com/blog/aem/how-to-get-authorization-basic-auth-header-from-aem-author for this. Essentially, you create an AEM user and share the credentials with whoever uses your service.
Alternatively, you could choose the OAuth 2.0 approach, which is the preferred approach. Here is a good example of how to implement this: https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4c7a5ef.
Hope this helps
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
