Expand my Community achievements bar.

SOLVED

How to authenticate AEM APIs?

Avatar

Level 9
Level 9
7/28/22 3:31:41 AM
 

We are using AEM as content service and exporting AEM content into mobile application. For example below api will be used in mobile application and Mobile application will build the presentation layer.

 

/content/we-retail/us/en/products/women/shirts/jcr:content/root/content-tile.model.json

 

Here I basically want to authenticate AEM API before I serve the json response. In essence, I want to only accept requests from mobile applications. I should the request If anyone else calls AEM. Can anyone tell me what are ways we can protect the AEM APIs

Views

1.4K

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
8/1/22 10:43:55 PM
In response to Mario248

Ideally there should not be performance hit but planning performance testing would give a clear picture. I don't think it can be controlled at dispatcher level as Authorization would be happening in AEM i.e. the last point mentioned in my previous comment screenshot. 

View solution in original post

Views

1.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Level 9
Level 9
7/30/22 8:36:16 AM
In response to Sachin_Arora_

Thanks for your response. I think JWT seems looks in my case, as it involves system to system authentication. Do you have any reference on this works in AEM model java class?

 

Question - Seems every request hit publish to verify the access code and token code. Is this hit performance ? Can we manage this at dispatcher level ?

Views

1.4K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
8/1/22 10:43:55 PM
In response to Mario248

Ideally there should not be performance hit but planning performance testing would give a clear picture. I don't think it can be controlled at dispatcher level as Authorization would be happening in AEM i.e. the last point mentioned in my previous comment screenshot. 

Views

1.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 5
Level 5
8/1/22 6:43:49 PM

I find this question very interesting, its a basic requirement and has various options.

 

Few cents from my side based on your use case:

  • Do you need to export user specific content from AEM publish? For example, user profile details, user orders, etc.
    If you do need to export user specific from AEM, then Token auth (OAuth2) is the way to go. This is the same auth mechanism mentioned by @Sachin_Arora_. Here's Adobe docs with videos explaining how to implement it: https://experienceleague.adobe.com/docs/experience-manager-learn/getting-started-with-aem-headless/a...

  • Do you need to export only public content from AEM? For example, content meant for public consumption such as website images, content fragments, etc. If you need to export only public content from AEM, then I would ask if authentication is needed at all since the content is exposed to public anyway?

  • The above points are based on the assumption that you are exporting content from AEM publish. Is this assumption correct?

Views

1.4K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 9
Level 9
8/6/22 9:02:26 PM
In response to Nikhil_Verma

Thanks for your response. I want to export  AEM /content into other system. At the end it will be available to user but client dont want to access the AEM content publicly rather it should be accessible by third part system and they will process the content and give to public use.

Views

1.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM Integration with Figma , like Creative Cloud

Views

15

Likes

0

Replies

0
AEM Adobe for "Content Authors"

Views

48

Likes

0

Replies

1
custom rte plugin with three features with custom icons to feature and plugin

Views

44

Likes

0

Replies

0
ClassNotFoundException: com.sun.xml.internal.ws.spi.ProviderImpl in AEM cloud instance

Views

111

Likes

0

Replies

2
Is it Possible to set the path selected in searchRoot to be the rootPath of tagSelector

Views

82

Likes

0

Replies

1