Disclaimer: This website requires Please enable JavaScript in your browser settings for the best experience.

HomeDev GuideRecipesAPI Reference
Dev GuideAPI ReferenceUser GuideLegal TermsGitHubNuGetDev CommunityOptimizely AcademySubmit a ticketLog In
Dev Guide

Configure Content Management API

Explains how to configure the Optimizely Content Management API.

The Optimizely Content Management API has the ContentManagementApiOptions (located in the EPiServer.ContentManagementApi namespace) where you can configure the API. There are security-related and CORS settings that you might want to change.

Register Content Management API services

After installing the package, clients need to register Content Management API services in their Startup.cs file:

public void ConfigureServices(IServiceCollection services) {
  services.AddContentManagementApi();
}

Security

CMA has three authorization levels:

  • Allow Scopes – Scopes that must hit any method of Content Management API endpoints. The user must have at least one of the configured allowed scopes to call the API endpoints.
  • Required Role – The required role must be assigned to content to be accessible in the Content Management API. The default value is null, which means content is accessible by the Content Management API.
  • Privilege – The user must have privilege(s) on content to perform an action.

Content Management API supports authenticating the request by using OpenID Connect and Bearer Tokens (JWT):

public void ConfigureServices(IServiceCollection services) {
  services.AddContentManagementApi(OpenIDConnectOptionsDefaults.AuthenticationScheme);
}

For information about the OpenID Connect configuration, see API authentication.

Flatten

The flatten configuration controls data format used in serialization (for GetCommonDraft and deserialization for data sent to other endpoints). Its value can be configured at initialization time using ContentApiOptions:

public void ConfigureServices(IServiceCollection services) {
  services.ConfigureContentApiOptions(o => {
    o.FlattenPropertyModel = true;
  });
}

Example
When you use any endpoints (Get common draft, post, put, patch, and so on) in Content Management API without flatten, the data format is:

{
  "name": "Alloy Plan",
  "metaTitle": {
    "value": "Alloy Plan - Online Project Management",
    "propertyDataType": "PropertyLongString"
  },
  "metaDescription": {
    "value": "Project management...",
    "propertyDataType": "PropertyLongString"
  }
  ...
}

With flatten, the data format is:

{ 
  "name": "Alloy Plan", 
  "metaTitle": "Alloy Plan, online project management", 
  "metaDescription": "Project management...", 
  ...
}

CORS

You can configure Content Management API to use a specific CORS policy in ConfigureServices in Startup.cs:

public void ConfigureServices(IServiceCollection services) {
  services.AddContentManagementApi(c => {
    c.CorsPolicyName = "MyCorsPolicy"
  });
}

See CORS configuration.