When you create Edge API Key using Token API, you need to pass the scopes. You can refer this article on how to create edge API Key using token API. There are two scopes needed to create the Edge API Key.
- audience-delivery - authorizes access to the Delivery API.
- content-#everything# - allows access to all content.
With content-#everything#, we are basically allowing all the content. In case if you want to restrict the scope only to a certain section of the content tree, there is no way as of now. As per the Limitations and restrictions of Experience Edge for XM, Experience Edge for XM only utilizes a single content scope for the whole tenant.
When I tried to submit the API Key creation request without content scope, it spit the following error. You must include at least one content scope in the following format: 'content-{identifier}' or 'content-#everything#'. Sitecore may overcome the edge limitation by passing the Sitecore Item ID in the scope 'content-{identifier}' so that we can restrict the access to other Sitecore items via this Edge API key or {identifier} may be for different reason.
Let's wait and see!!!
No comments:
Post a Comment