HomeGuidesAPI Reference
Submit Documentation FeedbackJoin Developer CommunityOptimizely GitHubOptimizely NuGetLog In

Configurating Content Delivery API

This topic describes how to customize the default configurations for Content Delivery API.

You can configure the Content Delivery API by working with an instance of ContentApiOptions.

ContentApiOptions

You can configure ContentApiOptions in ConfigureServices in startup.cs when you enable the API:

services.AddContentDeliveryApi(options =>
{
    // Access the options here
});

You can also configure the ContentApiOptions after you enable the API:

services.Configure<ContentDeliveryApiOptions>(options =>
{
    // Access the options here
});

ContentSearchApiOptions

You can configure ContentSearchApiOptions in ConfigureServices in startup.cs when you enable the API:

services.AddContentSearchApi(options =>
{
   // Access the options here
});

You can also configure the ContentSearchApiOptions after you  enable the API:

services.Configure<ContentSearchApiOptions>(options =>
{
    // Access the options here
});

Security

To access secured content through the API, authenticate the request by using OpenID Connect and Bearer Tokens (JWT). See API authentication for how to enable.

The APIs use the default authentication scheme that is configured. See Microsoft's documentation about authentication schemes.

When you configure the APIs, the authentication scheme is the first parameter to use, as shown in the following example:

public void ConfigureServices(IServiceCollection services)
{
    // Use overload without the scheme parameter to use the default scheme.
    services.AddContentDeliveryApi("MyScheme", options =>
    {
        // Access options here
    });
}

📘

Note

All content having read access for the 'Everyone' role is available through the API by default. You can change this in the following ways:

  • Configure AllowedScopes in ContentDeliverApiOptions. Then requests need to have any of these scopes to call the API.
  • Configure RequiredRole in ContentDeliveryApiOptions. Then assign these roles read access to each content item that should be available in the API.

CORS

APIs use the default configured CORS policy. See Microsoft's documentation how to configure CORS.

You can configure each API to use a specific CORS policy in ConfigureServices in startup.cs:

services.AddContentDeliveryApi(options =>
{
    // To use a specific policy, specify the name of the policy.
    // To use the default policy, leave empty.
    options.CorsPolicyName = "MyPolicyName";
});

You can add a named policy in ConfigureServices in startup.cs:

services.AddCors(options => 
{
    options.AddPolicy("MyPolicyName", b => b
        .WithOrigins(new[] { "http://localhost:8080" })
        .WithExposedContentDeliveryApiHeaders()
        .AllowAnyHeader()
        .AllowAnyMethod()
        .AllowCredentials());
});

You can also add a default policy directly in Configure in startup.cs:

app.UseCors(b => b
    .WithOrigins(new[] { "http://localhost:8080" })
    .WithExposedContentDeliveryApiHeaders()
    .AllowAnyHeader()
    .AllowAnyMethod()
    .AllowCredentials());

WithExposedContentDeliveryApiHeaders() enables Content Delivery-specfic headers. If not configured, these headers are not served if the call is a cross-origin request.

The following method configures CORS automatically based on the host configured on the current SiteDefinition:

services.AddContentDeliveryApiSiteBasedCors();

Or:

services
    .AddContentDeliveryApi()
    .WithSiteBasedCors();