Unfortunately that isn't the case, or I'm just bad at following the guide.
The "Configure Authentication" section contains a code-snippet, but that code snippet includes Content API scopes. Nice if I was using ContentAPI, but I'm not. Optimizely, could you please update your documentation, so ServiceAPI and ContentAPI are not mixed?
I got it to work, but with development certificates as documented above. No word on how to use real certificates on the Service API documentation. Optimizely can you please provide that?
My take is that the OpenIDConnect Authentication is used for both Content API and Service API, which I guess is a great choise, but it leaves the documentation split and not updated. Which leads to a bad developer experience. Please, please fix the documentation.
Hi forum
I'm trying to install Service API on a new Commerce 14 installation. One should think it would be easy just to follow this guide: https://docs.developers.optimizely.com/customized-commerce/v1.3.0-service-api-developer-guide/docs/installation-and-configuration
Unfortunately that isn't the case, or I'm just bad at following the guide.
The "Configure Authentication" section contains a code-snippet, but that code snippet includes Content API scopes. Nice if I was using ContentAPI, but I'm not. Optimizely, could you please update your documentation, so ServiceAPI and ContentAPI are not mixed?
I got it to work, but with development certificates as documented above. No word on how to use real certificates on the Service API documentation. Optimizely can you please provide that?
So I turned to the Content API documentation: https://docs.developers.optimizely.com/content-management-system/v1.5.0-content-delivery-api/docs/api-authentication Which have a section on how to use it in production. Looking at the documentation, I would expect that I can also use this snippet for my Service API Authentication part, which would be great, except that this example contains obsolete code:
var certificates = EPiServer.CloudPlatform.Cms.Certificates.CertificatesProvider.Get(_configuration);
My take is that the OpenIDConnect Authentication is used for both Content API and Service API, which I guess is a great choise, but it leaves the documentation split and not updated. Which leads to a bad developer experience. Please, please fix the documentation.
And then I come across this topic: https://world.optimizely.com/forum/developer-forum/Developer-to-developer/Thread-Container/2024/2/serviceapi-throwing-unauthorize-for-valid-token/, which points towards further possible trouble down the road. Quan Mai writes that there is no official guideline, which leaves me with no help. Optimizely: Please provide official guidance on how to handle this.
Does anybody know of a nice blogpost or similar who documents how to setup authentication and API's for production use?