Delivery API JWT Authentication - Bloomreach Experience - Headless Digital Experience Platform

Delivery API JWT Authentication

Introduction

Goal

Use JSON Web Token (JWT) authentication to access a channel's preview data through the Delivery API.

Background

When accessing the Delivery API through a live endpoint, by default it will return a channel's published pages and content. In order to access unpublished pages and content and render the channel preview in the Experience manager, an external frontend application must authenticate using a JSON Web Token.

JWT-based preview channel authentication is built into the Bloomreach SPA SDK. Channel preview works out of the box with any SPA built on the SDK.

In case the SDK can't be used, for example when using an unsupported frontend technology or framework, the frontend application must implement the JWT authentication.

Preview Channel Authentication Using JWT

When the Experience manager requests the preview channel for the first time, it appends the external frontend application's URL with a 'query' request parameter containing a JSON Web Token. For example:

https://myspa.example.com/?token=xxxxx.yyyyy.zzzzz

In order to access the preview channel data through a Delivery API request, the frontend application must include this token in the Authorization header using the Bearer schema. For example:

Authorization: Bearer xxxxx.yyyyy.zzzzz

Resources

Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?