A primary use case for The Adobe Experience Manager as a Cloud Service (AEM) GraphQL API for Content Fragment Delivery is to accept remote queries from third-party applications or services. These remote queries may require authenticated API access to secure headless content delivery.
For testing and development, you can also access the AEM GraphQL API directly using the GraphiQL interface.
See Generating Access Tokens for Server-Side APIs for full details.
For a third-party service to connect with an AEM instance it must have an Access Token. The service must then add this token to the
Authorization header on the POST request.
For example, a GraphQL Authorization Header:
Authorization: Bearer <access_token>
All requests made using the access token are made by the user account that generated the token.
This user account means that you must check that the account has the permissions required to run GraphQL queries.
You can check these permissions by using GraphiQL on the local instance. More details about permissions can be found here.