Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

Daniel Ovaska
Sep 13, 2018
(2 votes)

Testing Episerver content delivery API

This will be my shortest blog post yet but hopefully it will save someone an hour when reading about my gotyas. 

Content delivery API is an API you will likely want to use if you need to get Episerver data for your client side application built on React, Angular, Vue or their friends. Installing it is pretty easy but it has a few quirks still. It still has a dependency on Episerver Find for instance so if you don't have that you are out of luck currently. You can follow this excellent guide here that helped me to get it up and running

  • Episerver needs to be at 11.4.0 or later
  • You need to use the new identity authentication (if you haven't upgraded from membership provider, now is the time!)
    It's fast but you might run into password hashing issues.
  • Remember that Episerver Find needs to be version 12.x.x or earlier.
    If you use a brand new Alloy site you can uninstall the version 13 and reinstall the latest version 12.
    A bit annoying but no biggie since it only takes 5 mins.
  • For an alloy site you also need some initialization that has already been done on the commerce quicksilver site that Matthew references in step 2. You will find some missing classes for this configuration here which took me a while.

  • I also noticed that in the official documentation they have an infrastucture zip file with the files about. 
  • When trying out the api from postman or similar, remember that the api is sensitive to language and that this is sent using a header. If you end up getting 404s then add the relevant language header (sv-SE or similar) to specify the language.
  • If you get the exception "A route named 'MS_attributerouteWebApi' is already in the route collection. Route names must be unique". It means that you are trying to register attribute routing multiple times. Remove one of the config.MapHttpAttributeRoutes() if you have multiple. The content delivery apis will try to register this too and you can shut this off by using appsettings if you already have this in your project. 
    <add key="episerver:contentdeliverysearch:maphttpattributeroutes" value="false" />​
    <add key="episerver:contentdelivery:maphttpattributeroutes" value="false" />

So far I have an alloy + angular 6 site up and running that gets all content from content delivery api where all text (and blocks) support direct on page editing. Works!

Sep 13, 2018


Please login to comment.
Latest blogs
Join the Work Smarter Webinar: Working with the Power of Configured Commerce (B2B) Customer Segmentation December 7th

Join this webinar and learn about customer segmentation – how to best utilize it, how to use personalization to differentiate segmentation and how...

Karen McDougall | Dec 1, 2023

Getting Started with Optimizely SaaS Core and Next.js Integration: Creating Content Pages

The blog post discusses the creation of additional page types with Next.js and Optimizely SaaS Core. It provides a step-by-step guide on how to...

Francisco Quintanilla | Dec 1, 2023 | Syndicated blog

Stop Managing Humans in Your CMS

Too many times, a content management system becomes a people management system. Meaning, an organization uses the CMS to manage all the information...

Deane Barker | Nov 30, 2023

A day in the life of an Optimizely Developer - Optimizely CMS 12: The advantages and considerations when exploring an upgrade

GRAHAM CARR - LEAD .NET DEVELOPER, 28 Nov 2023 In 2022, Optimizely released CMS 12 as part of its ongoing evolution of the platform to help provide...

Graham Carr | Nov 28, 2023