Exploring SaaS CMS: API Clients and Content Management APIs

Introduction

In continuation of my previous post on leveraging the Content Management API and OpenID Connect Authentication on the PaaS-based Optimizely CMS, I delve into the delivery mechanisms within the SaaS-based CMS Platform. Surprisingly, the majority of functionalities are readily available and seamlessly integrated into the system. In this article, I provide a quick preview of the available features and guide on configuring the exposed API for definition and content management.

Note: It's essential to bear in mind that while I explore these features, the SaaS platform is still in its BETA phase, and APIs are currently at version 0.5. Changes might occur as the SaaS CMS transitions into general availability.

Configuring the API Client (Equivalent to OpenID Connect Package)

The API client functionality comes pre-installed in the SaaS CMS, and the setup is near identical to what we found on the PaaS platform with the Open ID Connect package. The tool can be found within Settings and the Access Rights section as highligted in the image below.  

Once on the API Client interface we can create a Client ID, the Client Secret is automatically generated please store this safely as there is no way of retrieving once you leave the page. The option to "Allow the client to impersonate users" is self-explanatory; enabling this allows the client to function as another user within the CMS.

Using the credentials

I'll demonstrate how to utilize these credentials using Postman to retrieve a JWT token for subsequent API calls. To obtain a Bearer Auth Token, a GET call needs to be made to the designated URL:

https://app-xxxprod.cms.optimizely.com/_cms/v0.5/oauth/token

Sending the required parameters along with the request, including grant_type, client_id, client_secret, and optionally act_as, will result in the generation of a token for future requests. Notably, this token expires automatically after 300 seconds.

Example: 

Authorisation to API using the Bearer Token

With the Bearer Token generated, subsequent API requests can now be authenticated by passing this token as the "Authorization" Header parameter.

Example:

Content Definitions API

Now armed with the bearer token, we can interact with the Content and Definitions API. The first API we explore is the Content Definitions API. Detailed API reference can be found here.

Get Content Types

A simple GET request to the following URL provides a list of all content types within the CMS:

https://app-xxxprod.cms.optimizely.com/_cms/v0.5/contenttypes

Example: 

To only get the details of a certain known type we pass in the definition name (key) to the URL:

https://app- xxxprod.cms.optimizely.com/_cms/v0.5/contenttypes/articlepage

Create Content Type

To create a content type, a POST request is made to the same URL, passing in the necessary parameters.

Example: 

Content {Delivery} API

The API reference to the Content API can be found here : Create content (optimizely.com)

Get Content

To retrieve a content item, a GET request is made to the designated URL, using the Guid of the page as the key. The key is in a UUID format so should not include any dashes e.g. 115988243510434482925671c3ee601a

https://app- xxxprod.cms.optimizely.com/_cms/v0.5/content/{key}

Example: 

Conclusion

As you can see its very easy to interact with the API’s and retrieve the relevant information you may need, as well as programmatically being able to create Content Models and Instances of these models. Its great to see this has all been included from the get go and provides a lot of scope to decide on how we manage the content definition creation process.