Restricting to folder in ASSET API

cqbeginner
Level 1

05-12-2020

Dear Community,

 

According to Adobe docs...

The Assets HTTP API allows for create-read-update-delete (CRUD) operations on digital assets, including on metadata, on renditions, and on comments, together with structured content using Experience Manager Content Fragments. It is exposed at /api/assets and is implemented as REST API. It includes support for Content Fragments

 

1. Does it mean that a 3rd party application can view everything under the asset folder?

2. How can I give restricted access to different business units under /api/assets/?

For example: a content fragment created for a specific business unit should be under /api/assets/bu1/. They should have access to assets under this folder only.

 

Any thoughts?

 

Thanks,

Accepted Solutions (1)

BrianKasingli
MVP

05-12-2020

@cqbeginner 

Well, firstly, the third-party application needs to get access to communicate with your author instance. And secondly, the default behavior to successfully make a call to the AEM OOTB Assets API is when you are an authenticated user. As a test, open an API development tool such as Postman and start making requests to https://[hostname]:[server]/api/assets.json; you'll realise there will be an authentication error. This can be easily fixed by including basic authentication values in the request:

[Image: BrianKasingli_0-1607188402246.png]

Since we know that you must be a logged-in user, you can ensure that this specialAssetUser only has read and write methods to the folder structure of your choice, in this case /content/dam/my-project/public/bu1/*.

Just answering your questions:

1. Does it mean that, a 3rd party application can view everything under asset folder?

The authenticated user with the correct access rights can only see specific assets and folders that are set in the ACL. (You can manage your users and groups in http://localhost:4502/useradmin.)

2. How can I give restricted access to different business units under /api/assets

You can manage your users and groups in http://localhost:4502/useradmin.

Answers (1)

Gian74
Level 1

12-03-2021

Hi, I have almost the same problem.

But I noticed that in my environment, the API requests to the author instance require authentication, while requests exposed by the publish instance are served WITHOUT authentication.

I need to expose the API through the dispatcher to the internet, but I would like it to be authentication-protected.

Maybe it's an issue with my AEM version (6.2 - on premises)?

 

Thanks.
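
The folder restriction from the accepted solution and the unauthenticated publish behaviour reported in the last reply can both be checked over HTTP. The following Python sketch is an added example, not code from any poster or from Adobe; the `bu2` sibling folder, the `CHANGE_ME` password placeholder and the expected status sets are assumptions to adjust for your instance.

```python
import base64
import urllib.error
import urllib.request

DAM_ROOT = "/content/dam"   # repository path where the ACLs are set
API_ROOT = "/api/assets"    # Assets HTTP API path that exposes DAM_ROOT

def api_url(base, dam_path):
    """Map a /content/dam path to the Assets HTTP API URL that serves it."""
    if dam_path != DAM_ROOT and not dam_path.startswith(DAM_ROOT + "/"):
        raise ValueError(f"not a DAM path: {dam_path}")
    return base.rstrip("/") + API_ROOT + dam_path[len(DAM_ROOT):] + ".json"

def http_status(url, user=None, password=None, timeout=10):
    """GET url, with Basic auth if a user is given, and return the status code."""
    req = urllib.request.Request(url)
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def audit(base, checks, fetch=http_status):
    """Return (url, user, status) for every check whose status is not allowed."""
    failures = []
    for dam_path, creds, allowed in checks:
        url = api_url(base, dam_path)
        status = fetch(url, *creds)
        if status not in allowed:
            failures.append((url, creds[0], status))
    return failures

# Constructed expectations: specialAssetUser may read bu1 only, and anonymous
# requests are refused. "bu2" and the allowed status sets are assumptions.
USER = ("specialAssetUser", "CHANGE_ME")  # placeholder password
DENIED = {401, 403, 404}
CHECKS = [
    ("/content/dam/my-project/public/bu1", USER, {200}),
    ("/content/dam/my-project/public/bu2", USER, DENIED),
    ("/content/dam/my-project/public/bu1", (None, None), DENIED),
]

if __name__ == "__main__":
    for url, user, status in audit("http://localhost:4502", CHECKS):
        print(f"UNEXPECTED {status} for {user or 'anonymous'} at {url}")
```

Run it once against the author instance and once against the publish or dispatcher URL; any line printed marks a path whose access differs from the intended ACL.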