Expand my Community achievements bar.

SOLVED

How to authenticate AEM APIs?

Avatar

Level 9
Level 9
7/28/22 3:31:41 AM
 

We are using AEM as content service and exporting AEM content into mobile application. For example below api will be used in mobile application and Mobile application will build the presentation layer.

 

/content/we-retail/us/en/products/women/shirts/jcr:content/root/content-tile.model.json

 

Here I basically want to authenticate AEM API before I serve the json response. In essence, I want to only accept requests from mobile applications. I should the request If anyone else calls AEM. Can anyone tell me what are ways we can protect the AEM APIs

Views

954

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
8/1/22 10:43:55 PM
In response to Mario248

Ideally there should not be performance hit but planning performance testing would give a clear picture. I don't think it can be controlled at dispatcher level as Authorization would be happening in AEM i.e. the last point mentioned in my previous comment screenshot. 

View solution in original post

Views

896

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Level 9
Level 9
7/30/22 8:36:16 AM
In response to Sachin_Arora_

Thanks for your response. I think JWT seems looks in my case, as it involves system to system authentication. Do you have any reference on this works in AEM model java class?

 

Question - Seems every request hit publish to verify the access code and token code. Is this hit performance ? Can we manage this at dispatcher level ?

Views

914

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
8/1/22 10:43:55 PM
In response to Mario248

Ideally there should not be performance hit but planning performance testing would give a clear picture. I don't think it can be controlled at dispatcher level as Authorization would be happening in AEM i.e. the last point mentioned in my previous comment screenshot. 

Views

897

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 5
Level 5
8/1/22 6:43:49 PM

I find this question very interesting, its a basic requirement and has various options.

 

Few cents from my side based on your use case:

  • Do you need to export user specific content from AEM publish? For example, user profile details, user orders, etc.
    If you do need to export user specific from AEM, then Token auth (OAuth2) is the way to go. This is the same auth mechanism mentioned by @Sachin_Arora_. Here's Adobe docs with videos explaining how to implement it: https://experienceleague.adobe.com/docs/experience-manager-learn/getting-started-with-aem-headless/a...

  • Do you need to export only public content from AEM? For example, content meant for public consumption such as website images, content fragments, etc. If you need to export only public content from AEM, then I would ask if authentication is needed at all since the content is exposed to public anyway?

  • The above points are based on the assumption that you are exporting content from AEM publish. Is this assumption correct?

Views

900

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 9
Level 9
8/6/22 9:02:26 PM
In response to Nikhil_Verma

Thanks for your response. I want to export  AEM /content into other system. At the end it will be available to user but client dont want to access the AEM content publicly rather it should be accessible by third part system and they will process the content and give to public use.

Views

871

Replies

0
Sign in to like this content

Total Likes

Translate
Translate