Requirement- we hv an API which is built on AEM and migration user want to access that API that points to author server. we have used the sling servlet to build the API what kind of authorization and authentication should i pass in the servlet so that user can use that API from outside. Please share some example to achieve this .
Solved! Go to Solution.
Views
Replies
Total Likes
Hi,
If you are using AEMaaCS, you could utilize Service Credentials, which is a token-based authentication method. This is well-detailed here: https://experienceleague.adobe.com/en/docs/experience-manager-learn/getting-started-with-aem-headles... and here: https://techrevel.blog/2023/09/06/access-restricted-resources-on-aemaacs-with-java-and-service-accou....
If you are not using AEMaaCS, then the method you choose depends on how secure you need it to be. You could opt for a Basic Authentication method, where a username and password are sent across with the request. While this approach is not the best nor recommended, it can be acceptable for controlled activities within a specific timeframe, assuming no security breaches are expected. Here is an example: https://sourcedcode.com/blog/aem/how-to-get-authorization-basic-auth-header-from-aem-author for this. Essentially, you create an AEM user and share the credentials with whoever uses your service.
Alternatively, you could choose the OAuth 2.0 approach, which is the preferred approach. Here is a good example of how to implement this: https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4....
Hope this helps
Hi,
If you are using AEMaaCS, you could utilize Service Credentials, which is a token-based authentication method. This is well-detailed here: https://experienceleague.adobe.com/en/docs/experience-manager-learn/getting-started-with-aem-headles... and here: https://techrevel.blog/2023/09/06/access-restricted-resources-on-aemaacs-with-java-and-service-accou....
If you are not using AEMaaCS, then the method you choose depends on how secure you need it to be. You could opt for a Basic Authentication method, where a username and password are sent across with the request. While this approach is not the best nor recommended, it can be acceptable for controlled activities within a specific timeframe, assuming no security breaches are expected. Here is an example: https://sourcedcode.com/blog/aem/how-to-get-authorization-basic-auth-header-from-aem-author for this. Essentially, you create an AEM user and share the credentials with whoever uses your service.
Alternatively, you could choose the OAuth 2.0 approach, which is the preferred approach. Here is a good example of how to implement this: https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4....
Hope this helps
@djohn98390536 What version of AEM are you using? There are a few quick win options available for AEM as cloud service.
For AEMaCS you can generate a temp/long term token based on your need and use token based authentication to access any AEM tier resources. I recently used this to access AEM publish tier resources as we wanted to validate our AEM publish tier content.
Views
Replies
Total Likes
Hi @Harwinder-singh we r using AEMaaCS .
Views
Replies
Total Likes