Configure Content Delivery API
Describes how to customize the default configurations for Optimizely Content Delivery API.
You can configure the Optimizely Content Delivery API by working with an instance of ContentApiOptions
.
ContentApiOptions
You can configure ContentApiOptions
in ConfigureServices
in startup.cs when you enable the API:
services.AddContentDeliveryApi(options =>
{
// Access the options here
});
You can also configure the ContentApiOptions
after you enable the API:
services.Configure<ContentDeliveryApiOptions>(options =>
{
// Access the options here
});
ContentSearchApiOptions
You can configure ContentSearchApiOptions
in ConfigureServices
in startup.cs when you enable the API:
services.AddContentSearchApi(options =>
{
// Access the options here
});
You can also configure the ContentSearchApiOptions
after you enable the API:
services.Configure<ContentSearchApiOptions>(options =>
{
// Access the options here
});
Security
To access secured content through the API, authenticate the request by using OpenID Connect and Bearer Tokens (JWT). See API authentication for how to enable.
The APIs use the default authentication scheme that is configured. See Microsoft's documentation about authentication schemes.
When you configure the APIs, the authentication scheme is the first parameter to use, as shown in the following example:
public void ConfigureServices(IServiceCollection services)
{
// Use overload without the scheme parameter to use the default scheme.
services.AddContentDeliveryApi("MyScheme", options =>
{
// Access options here
});
}
Note
All content having read access for the 'Everyone' role is available through the API by default. You can change this in the following ways:
- Configure
AllowedScopes
inContentDeliverApiOptions
. Then requests need to have any of these scopes to call the API.- Configure
RequiredRole
inContentDeliveryApiOptions
. Then assign these roles read access to each content item that should be available in the API.
CORS
APIs use the default configured CORS policy. See Microsoft's documentation how to configure CORS.
You can configure each API to use a specific CORS policy in ConfigureServices
in startup.cs:
services.AddContentDeliveryApi(options =>
{
// To use a specific policy, specify the name of the policy.
// To use the default policy, leave empty.
options.CorsPolicyName = "MyPolicyName";
});
You can add a named policy in ConfigureServices
in startup.cs:
services.AddCors(options =>
{
options.AddPolicy("MyPolicyName", b => b
.WithOrigins(new[] { "http://localhost:8080" })
.WithExposedContentDeliveryApiHeaders()
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials());
});
You can also add a default policy directly in Configure
in startup.cs:
app.UseCors(b => b
.WithOrigins(new[] { "http://localhost:8080" })
.WithExposedContentDeliveryApiHeaders()
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials());
WithExposedContentDeliveryApiHeaders()
enables Content Delivery-specfic headers. If not configured, these headers are not served if the call is a cross-origin request.
The following method configures CORS automatically based on the host configured on the current SiteDefinition
:
services.AddContentDeliveryApiSiteBasedCors();
Or:
services
.AddContentDeliveryApi()
.WithSiteBasedCors();
Updated about 1 month ago