Expand my Community achievements bar.

July 31st AEM Gems Webinar: Elevate your AEM development to master the integration of private GitHub repositories within AEM Cloud Manager.
Register Now
SOLVED

How to access aem API for outside user .

Avatar

Level 4
Level 4
7/10/24 10:33:03 AM

Requirement- we hv an API which is built on AEM and migration user want to access that API that points to author server. we have used the sling servlet to build the API what kind of authorization and authentication should i pass in the servlet so that user can use that API from outside. Please share some example to achieve this .

Views

165

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
7/10/24 12:29:27 PM

Hi,

If you are using AEMaaCS, you could utilize Service Credentials, which is a token-based authentication method. This is well-detailed here: https://experienceleague.adobe.com/en/docs/experience-manager-learn/getting-started-with-aem-headles... and here: https://techrevel.blog/2023/09/06/access-restricted-resources-on-aemaacs-with-java-and-service-accou....

 

If you are not using AEMaaCS, then the method you choose depends on how secure you need it to be. You could opt for a Basic Authentication method, where a username and password are sent across with the request. While this approach is not the best nor recommended, it can be acceptable for controlled activities within a specific timeframe, assuming no security breaches are expected. Here is an example: https://sourcedcode.com/blog/aem/how-to-get-authorization-basic-auth-header-from-aem-author for this. Essentially, you create an AEM user and share the credentials with whoever uses your service.

 

Alternatively, you could choose the OAuth 2.0 approach, which is the preferred approach. Here is a good example of how to implement this: https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4....

 

Hope this helps


Esteban Bustamante

View solution in original post

Views

135

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
7/10/24 12:29:27 PM

Hi,

If you are using AEMaaCS, you could utilize Service Credentials, which is a token-based authentication method. This is well-detailed here: https://experienceleague.adobe.com/en/docs/experience-manager-learn/getting-started-with-aem-headles... and here: https://techrevel.blog/2023/09/06/access-restricted-resources-on-aemaacs-with-java-and-service-accou....

 

If you are not using AEMaaCS, then the method you choose depends on how secure you need it to be. You could opt for a Basic Authentication method, where a username and password are sent across with the request. While this approach is not the best nor recommended, it can be acceptable for controlled activities within a specific timeframe, assuming no security breaches are expected. Here is an example: https://sourcedcode.com/blog/aem/how-to-get-authorization-basic-auth-header-from-aem-author for this. Essentially, you create an AEM user and share the credentials with whoever uses your service.

 

Alternatively, you could choose the OAuth 2.0 approach, which is the preferred approach. Here is a good example of how to implement this: https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4....

 

Hope this helps


Esteban Bustamante

Views

136

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Community Advisor
Community Advisor
7/10/24 6:26:43 PM

@djohn98390536 What version of AEM are you using? There are a few quick win options available for AEM as cloud service.

For AEMaCS you can generate a temp/long term token based on your need and use token based authentication to access any AEM tier resources. I recently used this to access AEM publish tier resources as we wanted to validate our AEM publish tier content.

Views

114

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
How to update/migrate content from lower to higher enviromnemt in AEM as a CS?

Views

8

Likes

0

Replies

0
Aem Asset API authentication

Views

35

Likes

0

Replies

1
Can we persist GraphQL query in AEM passed to backend external server. (Non content Fragment Queries)?

Views

51

Likes

0

Replies

1
AEM integration with Azure isn't working for group

Views

56

Likes

0

Replies

2
Want to understand why MSSQL and MySQL is still Experimental Configuration in the docs

Views

57

Likes

0

Replies

1