top of page
Search

AEM Admin API for Edge Delivery Services: How to Get Started

  • Writer: Juan Ayala
    Juan Ayala
  • Mar 31
  • 4 min read

The AEM Admin API is a set of RESTful endpoints designed to manage content and configurations within Edge Delivery Services. It enables developers to interact programmatically with the cloud-based infrastructure. It handles tasks such as:


  • Publishing and invalidating content in the Edge Delivery Network

  • Managing content sources, such as repositories connected to Edge Delivery Services

  • Triggering reindexing for search-related integrations

  • And many more...


Adobe's tools, like AEM Sidekick, leverage this API, but the tooling is still evolving. For instance, setting up a repoless configuration currently requires authenticated curl commands. Since no UI-based tool exists yet, this gap reflects Adobe’s rapid development pace. In which the API evolves faster than the supporting tools. Until that balance shifts, developers need to be comfortable working with the API.


This post is an introduction rather than an in-depth guide. By the end, you’ll know how to get an access token and perform basic API operations. This will give you an understanding of how the Admin API fits into the Helix 5 architecture. And help you get started with more advanced use cases.


Basic Publishing With the Sidekick

For this first video, I set up a simple AEM website by following the tutorial for document authoring. The purpose is to show you how the Sidekick uses the API. And one of the limitations of unauthenticated publishing.


  • First I use the Page Status tool to list the published content of the site. There should be none. The page status tool is experimental. You can find it along with other such tools in the Admin Labs page. The page status tool also uses the Admin API.

  • Then I publish the index document to the preview. And run the page status to prove that the content is in preview.

  • Then I publish to live. And run the Page Status tool again to confirm the content is live.

  • Even if I log in, my user has no roles. The Sidekick will not show me the option to delete or unpublish the content.

  • After I log in, I capture the authentication token for use later. The token will only contain my email id. To view its contents, use jwt.ms.



Basic Publishing With the AEM Admin API

cURL is useful but not very practical for everyday use. This second video shows that setting up Postman to work with the API is easy. And demonstrates how to publish content.


  • First I download the OpenAPI specification.

  • Then I import the specification file straight into a Postman collection.

  • I update the /nav preview by setting the correct parameters and calling the API.

  • I publish the /nav by setting the correct parameters and calling the API.

  • I attempt to delete something from preview but receive a 403.

  • I attempt to delete again, but this time by using the token I got after I signed in. I still get a 403 because my user lacks any role assignments.



Make a Role Assignment

The documentation on how to configure authentication for authors references the Configuration Service. Since only Adobe can enable this, we will use the config spreadsheet for document authoring. Notice that there is a mapping from the API to the config property I set in the spreadsheet.


For example, the configuration service gets used to set a role by posting the roles to /config/{org}/sites/{site}/access/admin.json. So the property on the spreadsheet is admin.role.admin. Where admin is the root property of AccessConfig, and role its child. The name of the role, in this case admin, can be one of many. Refer to the list of roles and their permissions here.


In the following video, I perform these steps.

  • First I log out of the Sidekick.

  • Then I assign myself an admin role and activate the config spreadsheet.

  • Since at least one role assignment exists, the Sidekick will now require me to sign in. To disable this, set admin.requireAuth to false.

  • Log in through the Sidekick and show the x-auth-token header in the requests.

  • Show the token in jwt.ms. It only contains my email id. And its authenticity can get verified with the digital signature.

  • Call the /profile API to verify the token's validity.

  • Or perform the same login. But through the API. The auth token will be in the auth_token cookie.




Unpublish & Delete Content

Finally, I have an auth token. And my email id has a role assignment. The Sidekick will now allow me unpublish from live. And delete from preview. Likewise, using the auth token, the API will allow me to do the same.


In this video, I will unpublish the /nav by using the Sidekick. And delete it by using the API.



Conclusion

In this tutorial, we explored how the AEM Sidekick uses the AEM admin API to publish content. We also setup authentication so we could unpublish and delete content. This foundational knowledge will assist in configuring repoless sites. And provided insight into the Helix 5 architecture.

Comments

Post: Blog2_Post
bottom of page