Authentication for Remote AEM GraphQL Queries on Content Fragments

A primary use case for The Adobe Experience Manager as a Cloud Service (AEM) GraphQL API for Content Fragment Delivery is to accept remote queries from third party applications or services. These remote queries may require authenticated API access in order to secure headless content delivery.


For testing and development you can also access the AEM GraphQL API directly using the GraphiQL interface interface.

For authentication the third party service needs to retrieve an Access Token, that can then be used in the GraphQL Request.

Retrieving an Access Token

See Generating Access Tokens for Server Side APIs for full details.

Using the Access Token in a GraphQL Request

For a third party service to connect with an AEM instance it needs to have an Access Token. The service must then add this token to the Authorization header on the POST request.

For example, a GraphQL Authorization Header:

Authorization: Bearer <access_token>

Permission Requirements

All requests made using the access token will actually be made by the user account that generated the token.

This means that you need to check that the account has the permissions required to run GraphQL queries.

You can check this by using GraphiQL on the local instance. More details about permissions can be found here.

On this page