OpenAPI-based AEM APIs
Learn about the OpenAPI-based AEM APIs, including authentication support, key concepts, and how to access Adobe APIs.
The OpenAPI Specification (formerly known as Swagger) is a widely used standard for defining RESTful APIs. AEM as a Cloud Service provides several OpenAPI Specification based APIs (or simply OpenAPI-based AEM APIs), making it easier to create custom applications that interact with AEM’s author or publish service types. Below are some examples:
Sites
- : APIs for working with Content Fragments.
Assets
- : APIs for working with folders, such as creating, listing, and deleting folders.
- : APIs for working with assets and their metadata.
Forms
- : APIs for working with forms and documents.
In future releases, more OpenAPI-based AEM APIs will be added to support additional use cases.
Authentication support
The OpenAPI-based AEM APIs support OAuth 2.0 authentication, including the following grant types:
- OAuth Server-to-Server credential: Ideal for backend services needing API access without user interaction. It uses the client_credentials grant type, enabling secure access management at the server level. For more information, see .
- OAuth Web App credential: Suitable for web applications with frontend and backend components accessing AEM APIs on behalf of users. It uses the authorization_code grant type, where the backend server securely manages secrets and tokens. For more information, see .
- OAuth Single Page App credential: Designed for SPAs running in the browser that need to access APIs on behalf of a user without a backend server. It uses the authorization_code grant type and relies on client-side security mechanisms using PKCE (Proof Key for Code Exchange) to secure the authorization code flow. For more information, see .
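The PKCE check that the Single Page App credential relies on, as an added example that is not Adobe's code: the client derives an S256 challenge from a random verifier (RFC 7636), and the token exchange succeeds only for the party holding that verifier. `DemoAuthServer`, the client id and all other names are hypothetical, and the server is an in-memory stand-in for a real authorization server reached over HTTPS.

```javascript
// Added example (not Adobe code): PKCE per RFC 7636 with the S256 method.
const nodeCrypto = require('node:crypto');

// base64url without padding, as RFC 7636 requires.
const b64url = (buf) => buf.toString('base64url');

// code_challenge = BASE64URL(SHA-256(code_verifier)).
function s256(codeVerifier) {
  return b64url(nodeCrypto.createHash('sha256').update(codeVerifier, 'ascii').digest());
}

// Client (SPA) side: a fresh high-entropy verifier for every authorization request.
function createPkcePair() {
  const codeVerifier = b64url(nodeCrypto.randomBytes(32)); // 43 characters
  return { codeVerifier, codeChallenge: s256(codeVerifier) };
}

// Hypothetical in-memory authorization server, only to show the server-side check.
class DemoAuthServer {
  constructor() { this.codes = new Map(); }

  // Authorization request: the challenge is stored with the issued code.
  authorize(clientId, codeChallenge, method) {
    if (method !== 'S256') throw new Error('only S256 is accepted');
    const code = b64url(nodeCrypto.randomBytes(16));
    this.codes.set(code, { clientId, codeChallenge });
    return code;
  }

  // Token request: no client_secret; the verifier proves who started the flow.
  exchange(clientId, code, codeVerifier) {
    const entry = this.codes.get(code);
    this.codes.delete(code); // single use, even when the check fails
    if (!entry || entry.clientId !== clientId) return null;
    if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(codeVerifier || '')) return null;
    const expected = Buffer.from(entry.codeChallenge);
    const actual = Buffer.from(s256(codeVerifier));
    if (expected.length !== actual.length ||
        !nodeCrypto.timingSafeEqual(expected, actual)) return null;
    return { access_token: b64url(nodeCrypto.randomBytes(24)), token_type: 'bearer' };
  }
}
```

An authorization code presented with the wrong verifier yields no token and is consumed, so it cannot be replayed with the right one afterwards.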
Difference between OAuth Server-to-Server vs Web App vs Single Page App credentials
The following table summarizes the differences between the three OAuth authentication methods supported by OpenAPI-based AEM APIs:
client_id, client_secret) in backend systems.
client_id, client_secret) in backend systems to exchange authorization code for access token.
client_secret, as it’s unsafe to store in frontend apps. Relies on PKCE to exchange authorization code for access token.
Accessing Adobe APIs and related concepts
Before accessing Adobe APIs, it’s essential to understand these key constructs:
- : The developer hub for accessing Adobe APIs, SDKs, real-time events, serverless functions, and more. Note that it is different from the AEM Developer Console, which is used for debugging AEM applications.
- : Central place for managing API integrations, events, and runtime functions. Here, you configure APIs, set authentication, and generate required credentials.
- : Product Profiles provide a permission preset that allows you to control user or application access to Adobe products such as AEM, Adobe Target, Adobe Analytics, and others. Every Adobe product has predefined product profiles associated with it.
- Services: Services define the actual permissions and are associated with the Product Profile. To reduce or increase the permissions preset, you can deselect or select the services associated with the Product Profile. This allows you to control the level of access to the product and its APIs. In AEM as a Cloud Service, services represent user groups with predefined Access Control Lists (ACLs) for repository nodes, allowing granular permission management.
Get started
Learn how to set up your AEM as a Cloud Service environment and an Adobe Developer Console project to enable access to the OpenAPI-based AEM APIs. Also, access an AEM API using the browser to verify the setup and review the request and response.
Learn how to set up your AEM as a Cloud Service environment to enable access to the OpenAPI-based AEM APIs.
API tutorials
Learn how to use the OpenAPI-based AEM APIs using different OAuth authentication methods:
Invoke API using Server-to-Server authentication
Learn how to invoke OpenAPI-based AEM APIs from a custom NodeJS application using OAuth Server-to-Server authentication.
Invoke API using Web App authentication
Learn how to invoke OpenAPI-based AEM APIs from a custom web application using OAuth Web App authentication.
Invoke API using Single Page App authentication
Learn how to invoke OpenAPI-based AEM APIs from a custom Single Page App (SPA) using OAuth Single Page App authentication.