Try our conversational search powered by Generative AI!

AI OnAI Off
Mark Hall
Mark Hall  -  Commerce
Feb 13, 2015
  4210
(2 votes)

Important Updates to the ServiceApi

We have released a new version of the EPiServer.ServiceApi and I wanted to highlight some important features over the last two releases.  As of version 1.2.0 the ServiceApi is now split out into two packages.

  • EPiServer.ServiceApi - this is the base package that only has dependency to EPiServer.Cms.Core.  This package will allow you to import media as well as episerverdata files.
  • EpiServer.ServiceApi.Commerce - this is the commerce package that has a dependency to EPiServer.Commerce.Core.  This package adds functionality to import catalog content and some restful operations for workng with catalog content.

As of version 1.3.0 all actions require permissions.  This means the user getting an auth token must have access to the permissions to use the functions.  The permissions are done with the new permissions to functions introduced in EPiServer.Cms.Core 7.19.1.  The ServiceApi has two permissions read and write.  Any function that manipulates data will require write access while all other require read access.  By default when instaling version 1.3.0 the administrators role is granted read and write access. 

If you would like to use the ServiceApi read and write permissions in your own webapi controlllers, you can decorate your method like below.  You also have the ability to create your own permissions and use with the AuthorizePermission attribute.

[Route("myroute", Name = "mymethod")]
[HttpGet]
[AcceptVerbs("GET")]
[ResponseType(typeof(IEnumerable<Models.MyModel>))]
[EPiServer.ServiceApi.Configuration.AuthorizePermission(EPiServer.ServiceApi.Configuration.Permissions.GroupName, EPiServer.ServiceApi.Configuration.Permissions.Read)]
public virtual IHttpActionResult MyMethod()
{
        if (!ModelState.IsValid)
        {
            return BadRequest(ModelState);
        }
        return Ok(ModelFactory.GetMyMethod());
}

ServiceAPi automatically registers controllers with attribute routing so this allows you to use the permissions in your own webapi controllers.  We needed to add a new AuthorizePermission for webapi controllers, the one introduced in EPiServer.Web.Mvc is only for mvc controllers.

There were also some additional security updates which lead the removal of httpmodule EPiServer.ServiceApi.IntegrationAuthorizationModule.

Feb 13, 2015

Comments

Please login to comment.
Latest blogs
Optimizely and the never-ending story of the missing globe!

I've worked with Optimizely CMS for 14 years, and there are two things I'm obsessed with: Link validation and the globe that keeps disappearing on...

Tomas Hensrud Gulla | Apr 18, 2024 | Syndicated blog

Visitor Groups Usage Report For Optimizely CMS 12

This add-on offers detailed information on how visitor groups are used and how effective they are within Optimizely CMS. Editors can monitor and...

Adnan Zameer | Apr 18, 2024 | Syndicated blog

Azure AI Language – Abstractive Summarisation in Optimizely CMS

In this article, I show how the abstraction summarisation feature provided by the Azure AI Language platform, can be used within Optimizely CMS to...

Anil Patel | Apr 18, 2024 | Syndicated blog

Fix your Search & Navigation (Find) indexing job, please

Once upon a time, a colleague asked me to look into a customer database with weird spikes in database log usage. (You might start to wonder why I a...

Quan Mai | Apr 17, 2024 | Syndicated blog

See all blogs