Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

Restricting to folder in ASSET API

cqbeginner
Level 2
Level 2

Dear Community,

 

According to Adobe docs...

The Assets HTTP API allows for create-read-update-delete (CRUD) operations on digital assets, including on metadata, on renditions, and on comments, together with structured content using Experience Manager Content Fragments. It is exposed at /api/assets and is implemented as REST API. It includes support for Content Fragments

 

1. Does it mean that, a 3rd party application can view everything under asset folder?

2. How can I give restricted access to different business units under /api/assets/

 For example: content fragment created for specific business unit should be under /api/assets/bu1/. They should have access to assets under this folder only.

 

Any thoughts?

 

Thanks,

1 Accepted Solution
BrianKasingli
Correct answer by
Community Advisor
Community Advisor

@cqbeginner 

Well, firstly, the third-party application needs to get access to communicate with your author instance. And secondly, the default behavior to successfully make a call to the AEM OOTB asset's API is when you are an authenticated user. As a test, open API development tool such as POSTMAN and start making requests to https://[hostname]:[server]/api/assets.json, you'll realise there will be an authentication error; this can be easily fixed by including basic authentication values to the request:

BrianKasingli_0-1607188402246.png


Since we know that you must be a logged-in user, you can ensure that this specialAssetUser only have read and write methods to the folder structure of your choice in this case, /content/dam/my-project/public/bu1/*.

Just question answering your questions:

1. Does it mean that, a 3rd party application can view everything under asset folder?

The authenticated user with the correct access rights can only see specific assets and folders that are set in the ACL. (you can manage your user and groups in http://localhost:4502/useradmin)

2. How can I give restricted access to different business units under /api/assets

you can manage your user and groups in http://localhost:4502/useradmin

View solution in original post

4 Replies
BrianKasingli
Correct answer by
Community Advisor
Community Advisor

@cqbeginner 

Well, firstly, the third-party application needs to get access to communicate with your author instance. And secondly, the default behavior to successfully make a call to the AEM OOTB asset's API is when you are an authenticated user. As a test, open API development tool such as POSTMAN and start making requests to https://[hostname]:[server]/api/assets.json, you'll realise there will be an authentication error; this can be easily fixed by including basic authentication values to the request:

BrianKasingli_0-1607188402246.png


Since we know that you must be a logged-in user, you can ensure that this specialAssetUser only have read and write methods to the folder structure of your choice in this case, /content/dam/my-project/public/bu1/*.

Just question answering your questions:

1. Does it mean that, a 3rd party application can view everything under asset folder?

The authenticated user with the correct access rights can only see specific assets and folders that are set in the ACL. (you can manage your user and groups in http://localhost:4502/useradmin)

2. How can I give restricted access to different business units under /api/assets

you can manage your user and groups in http://localhost:4502/useradmin

View solution in original post

Gian74
Level 1
Level 1

Hi I have almost the same problem.

But I noticed that in my environment, the api requests to the author instance require authentication, while requests exposed by the publish instance are served WITHOUT authentication.

I need to expose the api though the dispatcher to the internet, but I would like it to be authentication-protected .

 

Maybe it's an issue with my AEM version (6.2 - on premises) ?

 

Thanks.