Authentication for Remote AEM GraphQL Queries on Content Fragments

A primary use case for the Adobe Experience Manager as a Cloud Service (AEM) GraphQL API for Content Fragment Delivery is to accept remote queries from third-party applications or services. These remote queries may require authenticated API access to secure headless content delivery.

NOTE
For testing and development, you can also access the AEM GraphQL API directly using the GraphiQL interface.

For authentication, the third-party service must retrieve an Access Token that can then be used in the GraphQL Request.

Retrieving an Access Token

See Generating Access Tokens for Server-Side APIs for full details.

Using the Access Token in a GraphQL Request

For a third-party service to connect with an AEM instance, it must have an Access Token. The service must then add this token to the Authorization header on the POST request.

For example, a GraphQL Authorization Header:

Authorization: Bearer <access_token>

Permission Requirements

All requests made using the access token are made by the user account that generated the token.

This means that you must check that the account has the permissions required to run GraphQL queries.

You can check these permissions by using GraphiQL on the local instance. More details about permissions can be found here.
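The following is an added example, not Adobe's code, of the request described under Using the Access Token in a GraphQL Request, with response handling that separates a rejected token from an account that lacks the permissions discussed above. The endpoint URL, the sample token, the helper names and the status-code mapping (standard HTTP 401/403 semantics) are assumptions, not values from this page.

```python
import json
import urllib.request
from urllib.parse import urlsplit

def build_graphql_request(endpoint_url, access_token, query, variables=None):
    """Build (but do not send) the authenticated POST for a GraphQL query."""
    parts = urlsplit(endpoint_url)
    # A bearer token is replayable by anyone who sees it: refuse plain HTTP.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("endpoint must be an absolute https:// URL")
    # Reject empty tokens and whitespace/control characters (header injection).
    if not access_token or any(c.isspace() or not c.isprintable() for c in access_token):
        raise ValueError("access token is empty or contains illegal characters")
    body = json.dumps({"query": query, "variables": variables or {}}).encode("utf-8")
    return urllib.request.Request(
        endpoint_url, data=body, method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})

def redacted_headers(request):
    """Header view that is safe to log: the token value never appears."""
    return {name: "Bearer <redacted>" if name.lower() == "authorization" else value
            for name, value in request.header_items()}

def classify_response(status, body_text):
    """Map a response to its likely cause (assumed standard HTTP semantics)."""
    if status == 401:
        return "token missing, expired or rejected"
    if status == 403:
        return "token accepted, but the account lacks permission"
    if status != 200:
        return f"unexpected HTTP status {status}"
    try:
        payload = json.loads(body_text)
    except ValueError:
        return "response is not JSON"
    if not isinstance(payload, dict):
        return "response is not a JSON object"
    # A GraphQL response can carry an "errors" list even with HTTP 200.
    return "GraphQL errors returned" if payload.get("errors") else "ok"

if __name__ == "__main__":
    # Constructed sample values: the endpoint URL and token are placeholders.
    req = build_graphql_request("https://aem.example.com/graphql-endpoint",
                                "sample-token-not-real", "{ __typename }")
    print(req.get_method(), req.full_url, redacted_headers(req))
    print(classify_response(403, ""))
    print(classify_response(200, '{"data": {}}'))
```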
