AEM exposes a variety of HTTP endpoints that can be interacted with in a headless manner, from GraphQL and AEM Content Services to the Assets HTTP API. Often, these headless consumers need to authenticate to AEM in order to access protected content or actions. To facilitate this, AEM supports token-based authentication of HTTP requests from external applications, services or systems.
Local Development Access Token
Local Development Access Tokens are generated for a specific AEM as a Cloud Service environment and provide access to the Author and Publish services. These access tokens are temporary, and are only to be used during the development of external applications or systems that interact with AEM over HTTP. Instead of having to obtain and manage bona fide Service Credentials, a developer can quickly and easily self-generate a temporary access token that allows them to develop their integration.
Service Credentials
Service Credentials are the bona fide credentials used in any non-development scenario, most obviously production, that allow an external application or system to authenticate to, and interact with, AEM as a Cloud Service over HTTP. Service Credentials themselves are not sent to AEM for authentication. Instead, the external application uses them to generate a JWT, which is exchanged with Adobe IMS's APIs for an access token, which can then be used to authenticate HTTP requests to AEM as a Cloud Service.
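The flow described above, as an added Node.js sketch that is not Adobe's sample code: it signs a short-lived JWT from a credentials object, builds (without sending) the IMS exchange request, and shows that only the resulting access token is presented to AEM. The credential field names, IMS host, exchange path, form parameters and metascope do not appear on this page and are assumptions; the key pair is generated locally.

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Constructed stand-in for a Service Credentials file. Field names, host and
// metascope are assumptions for illustration; the key pair is generated here.
function sampleCredentials() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
    publicKeyEncoding: { type: 'spki', format: 'pem' },
  });
  return {
    imsEndpoint: 'ims.example.invalid', org: 'EXAMPLE_ORG@AdobeOrg',
    id: 'EXAMPLE_TECH_ACCOUNT@techacct.adobe.com', clientId: 'example-client-id',
    clientSecret: 'example-client-secret', metascopes: 'example_metascope',
    privateKey, publicKey,
  };
}

// Build a short-lived RS256 JWT. Only the signature proves possession of the
// private key; the key itself never leaves the calling system.
function buildJwt(c, nowSec = Math.floor(Date.now() / 1000), ttlSec = 300) {
  const claims = { iss: c.org, sub: c.id, exp: nowSec + ttlSec,
    aud: `https://${c.imsEndpoint}/c/${c.clientId}` };
  for (const s of c.metascopes.split(',')) claims[`https://${c.imsEndpoint}/s/${s.trim()}`] = true;
  const signingInput = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), c.privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Describe (do not send) the token-exchange request made to IMS.
function exchangeRequest(c, jwt) {
  return { method: 'POST', url: `https://${c.imsEndpoint}/ims/exchange/jwt`,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({ client_id: c.clientId, client_secret: c.clientSecret, jwt_token: jwt }).toString() };
}

// Only the IMS-issued access token is presented to AEM.
const aemHeaders = (accessToken) => ({ Authorization: `Bearer ${accessToken}` });

// How a receiver would check such a JWT: pin RS256, verify, reject expired.
function verifyJwt(jwt, publicKey, nowSec = Math.floor(Date.now() / 1000)) {
  const [h, p, s] = jwt.split('.');
  if (JSON.parse(Buffer.from(h, 'base64url')).alg !== 'RS256') return null;
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'))) return null;
  const claims = JSON.parse(Buffer.from(p, 'base64url'));
  return claims.exp > nowSec ? claims : null;
}
```

Keeping the JWT lifetime short and holding the private key and client secret in a secrets store limits what a leaked JWT or log line can be used for.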
Sample Node.js example application