Delivery API JWT Authentication

Introduction

Goal

Use JSON Web Token (JWT) authentication to access a channel's preview data through the Delivery API.

Background

When the Delivery API is accessed through a live endpoint, it returns a channel's published pages and content by default. To access unpublished pages and content and render the channel preview in the Experience manager, an external frontend application must authenticate using a JSON Web Token.

JWT-based preview channel authentication is built into the Bloomreach SPA SDK. Channel preview works out of the box with any SPA built on the SDK.

If the SDK can't be used, for example with an unsupported frontend technology or framework, the frontend application must implement the JWT authentication itself.

Preview Channel Authentication Using JWT

When the Experience manager requests the preview channel for the first time, it appends a query-string request parameter containing a JSON Web Token to the external frontend application's URL. For example:

https://myspa.example.com/?token=xxxxx.yyyyy.zzzzz

To access the preview channel data through a Delivery API request, the frontend application must include this token in the Authorization header using the Bearer scheme. For example:

Authorization: Bearer xxxxx.yyyyy.zzzzz
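The flow above for a frontend that cannot use the SDK, as an added example (not Bloomreach's code). The parameter name `token` is taken from the example URL above; DELIVERY_API_URL, buildPreviewRequest and fetchPage are hypothetical names, and the endpoint is a placeholder.

```javascript
// Placeholder endpoint (assumption): substitute your own Delivery API URL.
const DELIVERY_API_URL = 'https://cms.example.com/delivery-api-placeholder';

// Structural check only: three base64url segments separated by dots, the
// shape of the example token above. This is not signature verification;
// the frontend holds no key, so validating the token is the API's job.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Turn the URL the frontend was loaded with into Delivery API request options.
function buildPreviewRequest(pageUrl, apiUrl = DELIVERY_API_URL) {
  const url = new URL(pageUrl);
  const token = url.searchParams.get('token');
  const headers = { Accept: 'application/json' };
  let preview = false;

  // Send the Bearer header only for a well-formed token; without it the
  // live endpoint returns published content, as described above.
  if (token !== null && JWT_SHAPE.test(token)) {
    headers.Authorization = `Bearer ${token}`;
    preview = true;
  }

  // Drop the token from the URL the app keeps using, so the credential is
  // not copied into links, history entries or Referer headers.
  url.searchParams.delete('token');
  return { apiUrl, headers, preview, cleanedUrl: url.toString() };
}

// Perform the request; a rejected token surfaces as a non-2xx response.
async function fetchPage(pageUrl) {
  const { apiUrl, headers } = buildPreviewRequest(pageUrl);
  const response = await fetch(apiUrl, { headers });
  if (!response.ok) {
    throw new Error(`Delivery API request failed: ${response.status}`);
  }
  return response.json();
}
```

In a browser, pass `window.location.href` as `pageUrl` and keep the token in memory for later Delivery API calls instead of leaving it in the address bar.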

Resources