Add new Product Profiles

To add new Product Profiles to the AEM instance, in the Adobe Cloud Manager’s Environments section, select the ellipsis icon next to the environment name and select the Add Product Profiles option.

Add new Product Profiles

You can review the newly added Product Profiles by clicking on the ellipsis icon next to the environment name and selecting Manage Access > Author Profiles.

The Admin Console window displays the newly added Product Profiles.

Review new Product Profiles

The above steps complete the modernization of the AEM as a Cloud Service environment.

Enable AEM APIs access

The presence of the new Product Profiles enable OpenAPI-based AEM API access in the Adobe Developer Console (ADC). Recall that Adobe Developer Console (ADC) is the developer hub for accessing Adobe APIs, SDKs, real-time events, serverless functions, and more.

The newly added Product Profiles are associated with the Services that represent AEM user groups with predefined Access Control Lists (ACLs).
The Services are used to control the level of access to the AEM APIs.

You can also select or deselect the Services associated with the Product Profile to reduce or increase the level of access.

Review the association by clicking on the View Details icon next to the Product Profile name.

Review services associated with Product Profile

By default, the AEM Assets API Users Service is not associated with any Product Profile. Let’s associate it with the newly added AEM Assets Collaborator Users - author - Program XXX - Environment XXX Product Profile. After this association, the ADC Project’s Asset Author API can setup the desired authentication and associate the authentication account with the Product Profile.

Associate AEM Assets API Users Service with Product Profile

Create Adobe Developer Console (ADC) Project

The ADC Project is used to add the desired APIs, set up its authentication, and associate the authentication account with the Product Profile.

To create an ADC Project:

  1. Login to the Adobe Developer Console using your Adobe ID.

    Adobe Developer Console

  2. From the Quick Start section, click on the Create new project button.

    Create new project

  3. It creates a new project with the default name.

    New project created

  4. Edit the project name by clicking the Edit project button in the top right corner. Provide a meaningful name and click Save.

    Edit project name

Configure ADC Project

After creating the ADC Project, you have to add the desired AEM APIs, set up its authentication, and associate the authentication account with the Product Profile.

  1. To add AEM APIs, click on the Add API button.

    Add API

  2. In the Add API dialog, filter by Experience Cloud and select the desired AEM API. For example, in this case, the Asset Author API is selected.

    Add AEM API

  3. Next, in the Configure API dialog, select the desired authentication option. For example, in this case, the Server-to-Server authentication option is selected.

    Select authentication

    The Server-to-Server authentication is ideal for backend services needing API access without user interaction. The Web App and Single Page App authentication options are suitable for applications needing API access on behalf of users. See Difference between OAuth Server-to-Server vs Web App vs Single Page App credentials for more information.

  4. If needed, you can rename the API for easier identification. For demo purposes, the default name is used.

    Rename credential

  5. In this case, the authentication method is OAuth Server-to-Server so you need to associate the authentication account with the Product Profile. Select the AEM Assets Collaborator Users - author - Program XXX - Environment XXX Product Profile and click Save.

    Select Product Profile

  6. Review the AEM API and authentication configuration.

    AEM API configuration

    Authentication configuration

If you choose the OAuth Web App or OAuth Single Page App authentication method, the Product Profile association is not prompted but application redirect URI is required. The application redirect URI is used to redirect the user to the application after authentication with an authorization code. The relevent use cases tutorials outline such authentication specific configurations.