Exploring SaaS CMS: API Clients and Content Management APIs
Introduction
In continuation of my previous post on leveraging the Content Management API and OpenID Connect Authentication on the PaaS-based Optimizely CMS, I delve into the delivery mechanisms within the SaaS-based CMS Platform. Surprisingly, the majority of functionalities are readily available and seamlessly integrated into the system. In this article, I provide a quick preview of the available features and guide on configuring the exposed API for definition and content management.
Note: It's essential to bear in mind that while I explore these features, the SaaS platform is still in its BETA phase, and APIs are currently at version 0.5. Changes might occur as the SaaS CMS transitions into general availability.
Configuring the API Client (Equivalent to OpenID Connect Package)
The API client functionality comes pre-installed in the SaaS CMS, and the setup is near identical to what we found on the PaaS platform with the Open ID Connect package. The tool can be found within Settings and the Access Rights section as highligted in the image below.
Once on the API Client interface we can create a Client ID, the Client Secret is automatically generated please store this safely as there is no way of retrieving once you leave the page. The option to "Allow the client to impersonate users" is self-explanatory; enabling this allows the client to function as another user within the CMS.
Using the credentials
I'll demonstrate how to utilize these credentials using Postman to retrieve a JWT token for subsequent API calls. To obtain a Bearer Auth Token, a GET call needs to be made to the designated URL:
https://app-xxxprod.cms.optimizely.com/_cms/v0.5/oauth/token
Sending the required parameters along with the request, including grant_type
, client_id
, client_secret
, and optionally act_as
, will result in the generation of a token for future requests. Notably, this token expires automatically after 300 seconds.
Example:
Authorisation to API using the Bearer Token
With the Bearer Token generated, subsequent API requests can now be authenticated by passing this token as the "Authorization" Header parameter.
Example:
Content Definitions API
Now armed with the bearer token, we can interact with the Content and Definitions API. The first API we explore is the Content Definitions API. Detailed API reference can be found here.
Get Content Types
A simple GET request to the following URL provides a list of all content types within the CMS:
https://app-xxxprod.cms.optimizely.com/_cms/v0.5/contenttypes
Example:
To only get the details of a certain known type we pass in the definition name (key) to the URL:
https://app- xxxprod.cms.optimizely.com/_cms/v0.5/contenttypes/articlepage
Create Content Type
To create a content type, a POST request is made to the same URL, passing in the necessary parameters.
Example:
Content {Delivery} API
The API reference to the Content API can be found here : Create content (optimizely.com)
Get Content
To retrieve a content item, a GET request is made to the designated URL, using the Guid of the page as the key. The key is in a UUID format so should not include any dashes e.g. 115988243510434482925671c3ee601a
https://app- xxxprod.cms.optimizely.com/_cms/v0.5/content/{key}
Example:
Conclusion
As you can see its very easy to interact with the API’s and retrieve the relevant information you may need, as well as programmatically being able to create Content Models and Instances of these models. Its great to see this has all been included from the get go and provides a lot of scope to decide on how we manage the content definition creation process.
Hi Minesh,
I looked at the SaaS version of the Content Delivery API earlier in the year and whilst it worked really well, I did feel that in some areas it was difficult to use. It wasn't possible to query the content to find the site root, or a specific content item which I felt is required to make the API really useful, e.g. being able to upload blog items to a specific parent item within the site.
I also found it wasn't possible to upload media (images, etc) with this API.
Have these features been added, or did you run into the same issues?
Hey @Andy thanks for the comment, in regards of being able to query for content against anything else barring the Site Guid is not currently possible although I believe this is in the wider plan and should be ready for for GA (This assumption is based on feedback from Optimizely). E.g. being able to use a Path or Page name as the key (Something that is unique - So maybe not Page Name)
In regards of being able to upload media or other assets using the API I have not yet tried this, but will investigate further on this topic