SOLVED

How to access AEM API for outside user.

Requirement: we have an API which is built on AEM, and a migration user wants to access that API, which points to the author server. We have used a Sling servlet to build the API. What kind of authorization and authentication should I pass in the servlet so that the user can use that API from outside? Please share some example to achieve this.

1 Accepted Solution

Correct answer by
Community Advisor

Hi,

If you are using AEMaaCS, you could utilize Service Credentials, which is a token-based authentication method. This is well-detailed here: https://experienceleague.adobe.com/en/docs/experience-manager-learn/getting-started-with-aem-headles... and here: https://techrevel.blog/2023/09/06/access-restricted-resources-on-aemaacs-with-java-and-service-accou....

If you are not using AEMaaCS, then the method you choose depends on how secure you need it to be. You could opt for a Basic Authentication method, where a username and password are sent across with the request. While this approach is not the best nor recommended, it can be acceptable for controlled activities within a specific timeframe, assuming no security breaches are expected. Here is an example: https://sourcedcode.com/blog/aem/how-to-get-authorization-basic-auth-header-from-aem-author for this. Essentially, you create an AEM user and share the credentials with whoever uses your service.

Alternatively, you could choose the OAuth 2.0 approach, which is the preferred approach. Here is a good example of how to implement this: https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4....

Hope this helps



Esteban Bustamante
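
An added example, not part of the original answer and not Adobe's code: whichever method is used (Basic, token or OAuth), Sling authenticates the request before the servlet runs, so the servlet only has to authorize the already-authenticated caller. The servlet path, the guard node and the idea of granting the API user `jcr:read` on that node are assumptions made for illustration.

```java
package com.example.core.servlets; // hypothetical package name

import java.io.IOException;
import javax.servlet.Servlet;
import javax.servlet.http.HttpServletResponse;

import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.osgi.service.component.annotations.Component;

@Component(service = Servlet.class, property = {
        "sling.servlet.paths=/bin/example/migration-api", // hypothetical path
        "sling.servlet.methods=GET"
})
public class MigrationApiServlet extends SlingSafeMethodsServlet {

    // Hypothetical node; grant jcr:read on it only to the API user's group.
    private static final String GUARD_PATH = "/conf/example/migration-api";

    @Override
    protected void doGet(SlingHttpServletRequest request,
                         SlingHttpServletResponse response) throws IOException {
        // The resolver is bound to whoever Sling authenticated for this request.
        ResourceResolver resolver = request.getResourceResolver();
        String userId = resolver.getUserID();

        // Never serve the API to an unauthenticated (anonymous) session.
        if (userId == null || "anonymous".equals(userId)) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Authorization through repository ACLs: getResource() returns null
        // when the caller cannot read the node, so this check fails closed.
        if (resolver.getResource(GUARD_PATH) == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        response.setContentType("application/json");
        response.setCharacterEncoding("UTF-8");
        response.getWriter().write("{\"status\":\"ok\"}");
    }
}
```

The servlet never parses the `Authorization` header itself, so switching the caller from Basic credentials to a token does not change this code.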

3 Replies

Community Advisor

@djohn98390536 What version of AEM are you using? There are a few quick-win options available for AEM as a Cloud Service.

For AEMaaCS, you can generate a temp/long-term token based on your need and use token-based authentication to access any AEM tier resources. I recently used this to access AEM publish tier resources as we wanted to validate our AEM publish tier content.