Whether it’s using generative AI to quickly write new product descriptions or using AI-generated images to jumpstart a new marketing campaign, generative AI has the potential to streamline the creation of new content in AEM. AEM as a Cloud Service has its own AI tools built in, but some users may want to use other third-party gen AI applications, and on-premises AEM has no native gen AI model at all, so it must integrate with an external AI application. In both cases the external application has to be given access to AEM through its APIs so that it can deliver generated content directly into the repository. Securing those APIs when integrating with generative AI is therefore essential.

When external applications or users access AEM, developers must consider the potential security vulnerabilities and plan accordingly to prevent breaches. While different implementations and gen AI models have their own considerations, there are some general issues that should always be taken into account.

AEM’s APIs

AEM has a host of APIs that can integrate various third-party applications. Some are already exposed for integration, such as the Assets API and the RESTful Screens API. Developers can expose further functionality by creating custom servlets that accept external requests; each such servlet is a new entry point into the repository and needs its own authentication and access controls. AEM as a Cloud Service has an extensive library of APIs that can perform a variety of actions:

  • Content Fragments Delivery API – GET content fragments, list content fragments, and access models.
  • Sites API – Create, read, update, and delete content fragments, models, and tags. It can also search for content fragments, access translation information, and check a user’s permission to access a particular resource.
  • Assets Author API – Delete, update metadata, and collect event information of assets.
  • Asset Delivery API – Download, deliver, and access assets. Get asset metadata. Access, update, and retrieve information for collections.
  • Multisite Manager – Manage multiple live copies of sites.
  • Folders API – List, create, and delete folders.
  • Forms Document Services API – Convert files to/from the PDF format. Extract metadata and other information from documents.
  • Statistics API – Create, manage, and GET reports for usage statistics.
  • Translation API – Manage translation projects.

These APIs allow integrated applications to perform tasks in AEM such as remotely updating product metadata displayed on sites or editing site components. Because these APIs are so powerful, an attacker who reaches them can do real damage, so it is important to minimize the chance that they are exposed to malicious actors. Typical abuse includes overloading the system with requests in a denial-of-service (DoS/DDoS) style attack, reading private content or user data through an endpoint that was never meant to be public, and vandalizing or silently altering data that is then published.

Securing APIs

Despite these concerns, APIs are an essential tool, and careful developers can greatly reduce the risks. Here are some overall security measures developers can take to help secure their APIs:

  • Properly configure your APIs: several of the AEM APIs have their own configurations in the OSGi system console, including filters and other options that restrict what they expose. Review these before exposing an API rather than relying on the defaults.
  • Secure your instances using HTTPS with a valid TLS certificate, so that tokens and content are never sent in the clear.
  • Integrate AEM with the Adobe Identity Management System (IMS) to enforce access controls through a central identity provider.
  • Use API tokens or keys to authenticate requests to your API(s). This helps ensure that requests come only from the approved sources that should be accessing the API. Treat keys as secrets: keep them out of content and client-side code, rotate them, and compare them in constant time on the server.
  • Route all actions through a dedicated system (service) user that has only the specific permissions the integration needs, so that a compromised integration cannot reach any part of the repository that should remain private. Never let the integration run as admin.
  • Configure CORS to limit which browser origins can send requests to AEM. CORS is enforced by browsers only; it does not restrict server-to-server calls, so it complements authentication rather than replacing it.
  • Add a Content Security Policy (CSP) header in your dispatcher configuration. This protects the pages that render AI-generated content from injected scripts; it does not protect the API endpoint itself.
  • Use the security features of the gen AI app you are integrating with, such as its own authentication, allow-listing, and logging.
  • Validate all data sent through the API in both directions: accept only the expected parameters, paths, and value shapes, and treat generated text as untrusted input before it is written into the repository or rendered on a page.
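
As an added example (written for this article, not code from Adobe, from AEM, or from the page’s author), here is a custom Sling servlet that applies several of the items above in one place: a bearer token compared in constant time, strict validation of the target path and of the generated text, and a write performed by a least-privilege service user rather than by the caller. The servlet path, the sub-service name `genai-writer`, the parameter names and the `productDescription` property are assumptions chosen for illustration.

```java
package com.example.genai;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ModifiableValueMap;
import org.apache.sling.api.resource.PersistenceException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.servlets.annotations.SlingServletPaths;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.AttributeType;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;

/** Hypothetical endpoint letting a gen AI app store a generated product description on a page. */
@Component(service = Servlet.class)
@SlingServletPaths("/bin/genai/description")          // assumed path, not an AEM built-in
@Designate(ocd = GenAiDescriptionServlet.Config.class)
public class GenAiDescriptionServlet extends SlingAllMethodsServlet {

    @ObjectClassDefinition(name = "GenAI Description Servlet")
    public @interface Config {
        @AttributeDefinition(name = "API token", type = AttributeType.PASSWORD,
                description = "Shared secret presented by the gen AI integration")
        String api_token();
    }

    // Sub-service name; must be mapped to a system user that may only write under ALLOWED_ROOT.
    private static final String SUBSERVICE = "genai-writer";
    private static final String ALLOWED_ROOT = "/content/products/";
    private static final int MAX_LENGTH = 2000;
    private static final Pattern MARKUP = Pattern.compile("[<>]"); // plain text only, no HTML

    @Reference
    private ResourceResolverFactory resolverFactory;

    private byte[] expectedToken;

    @Activate
    protected void activate(Config config) {
        expectedToken = config.api_token().getBytes(StandardCharsets.UTF_8);
    }

    @Override
    protected void doPost(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws ServletException, IOException {
        // 1. Authenticate the caller: bearer token, compared in constant time to avoid timing leaks.
        String auth = request.getHeader("Authorization");
        if (auth == null || !auth.startsWith("Bearer ")
                || !MessageDigest.isEqual(expectedToken, auth.substring(7).getBytes(StandardCharsets.UTF_8))) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // 2. Validate input: normalized path inside the allowed subtree, bounded plain-text value.
        String rawPath = request.getParameter("path");
        String path = rawPath == null ? null : ResourceUtil.normalize(rawPath); // null if it escapes root
        String description = request.getParameter("description");
        if (path == null || !path.startsWith(ALLOWED_ROOT)
                || description == null || description.isEmpty()
                || description.length() > MAX_LENGTH || MARKUP.matcher(description).find()) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "unexpected path or description");
            return;
        }

        // 3. Write as the least-privilege service user, never as the caller or as admin.
        Map<String, Object> authInfo = Collections.singletonMap(ResourceResolverFactory.SUBSERVICE, SUBSERVICE);
        try (ResourceResolver resolver = resolverFactory.getServiceResourceResolver(authInfo)) {
            Resource content = resolver.getResource(path + "/jcr:content");
            ModifiableValueMap props = content == null ? null : content.adaptTo(ModifiableValueMap.class);
            if (props == null) {
                // Page missing, or the service user's ACLs do not allow modification: refuse either way.
                response.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
            props.put("productDescription", description);      // assumed property name
            resolver.commit();
            response.setStatus(HttpServletResponse.SC_NO_CONTENT);
        } catch (LoginException e) {
            throw new ServletException("service user for '" + SUBSERVICE + "' is not mapped", e);
        } catch (PersistenceException e) {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
}
```

The `genai-writer` sub-service only works once it is mapped to a real system user in an Apache Sling Service User Mapper Service Amendment configuration (a `user.mapping` entry of the form `<bundle-symbolic-name>:genai-writer=<system-user-id>`), and that user should be granted modify rights only under `/content/products`; the `props == null` branch is what you see when those ACLs are correct and the integration tries to write elsewhere. On AEM, POST requests are also subject to the Granite CSRF filter and the Sling referrer filter, so a server-to-server integration must either send a valid CSRF token or have this path explicitly excluded, and on an author instance the Sling authentication requirements must permit the request to reach the servlet. Protection against the request-flooding scenario described earlier belongs in the dispatcher or a web application firewall in front of AEM, not in the servlet itself.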

By implementing these security measures, AEM APIs exposed to generative AI applications become more resilient to a number of attacks. As AI evolves, so will the security concerns, so it is important to keep up to date with the latest methods of securing your APIs. If you are looking to integrate generative AI into your AEM applications, KBWEB can help your company secure your APIs and data.