Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED
How to access aem API for outside user .
1 Accepted Solution
Correct answer by
Hi,
If you are using AEMaaCS, you could utilize Service Credentials, which is a token-based authentication method. This is well-detailed here: https://experienceleague.adobe.com/en/docs/experience-manager-learn/getting-started-with-aem-headles... and here: https://techrevel.blog/2023/09/06/access-restricted-resources-on-aemaacs-with-java-and-service-accou....
If you are not using AEMaaCS, then the method you choose depends on how secure you need it to be. You could opt for a Basic Authentication method, where a username and password are sent across with the request. While this approach is not the best nor recommended, it can be acceptable for controlled activities within a specific timeframe, assuming no security breaches are expected. Here is an example: https://sourcedcode.com/blog/aem/how-to-get-authorization-basic-auth-header-from-aem-author for this. Essentially, you create an AEM user and share the credentials with whoever uses your service.
Alternatively, you could choose the OAuth 2.0 approach, which is the preferred approach. Here is a good example of how to implement this: https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4....
Hope this helps
Esteban Bustamante
Correct answer by
Hi,
If you are using AEMaaCS, you could utilize Service Credentials, which is a token-based authentication method. This is well-detailed here: https://experienceleague.adobe.com/en/docs/experience-manager-learn/getting-started-with-aem-headles... and here: https://techrevel.blog/2023/09/06/access-restricted-resources-on-aemaacs-with-java-and-service-accou....
If you are not using AEMaaCS, then the method you choose depends on how secure you need it to be. You could opt for a Basic Authentication method, where a username and password are sent across with the request. While this approach is not the best nor recommended, it can be acceptable for controlled activities within a specific timeframe, assuming no security breaches are expected. Here is an example: https://sourcedcode.com/blog/aem/how-to-get-authorization-basic-auth-header-from-aem-author for this. Essentially, you create an AEM user and share the credentials with whoever uses your service.
Alternatively, you could choose the OAuth 2.0 approach, which is the preferred approach. Here is a good example of how to implement this: https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4....
Hope this helps
Esteban Bustamante
Related Conversations
