How the Component Service communicates securely with Squiz Content Management Service
The Component Service communicates with Squiz Content Management Service through the Content API service. The Content API offers a read-only interface (the "R" in the CRUD data operations of an API) into a Squiz Content Management Service instance’s asset tree.
Information flow
The basic information flow is summarised in the following broad steps:
-
Content input by the content editors is called by the Component Service through the Content API.
-
The Component Service evaluates the content in the request.
-
For content like link and image references that must be resolved:
-
Asset ID references are loaded through the Content API.
-
The references are then resolved to JSON data.
-
The JSON data is made available in the code to render the content in the Components on your site.
-
-
For content that does not need to be resolved (for example, plain text), the content is passed through to the Component in JSON format with resolved content.
This information allows the rich asset-based data stored in Squiz Content Management Service to be reused in a standardized exchange format between Component Service instances. For example, a developer might request an image record with URLs, multiple variations, captions and alt text, and use a handlebars template to render their particular format of HTML for the component.
What access control measures can I use?
You can control how the Component Service accesses Squiz Content Management Service using these methods:
Access configuration examples
The Content API token is designed to give you the correct amount of access to the sites for which you want to resolve content. You can either use an existing user, for example the Public User, or you can create a specific user and grant it the relevant permissions.
For sites using that API identifier, editors will now be able to reference assets from either site - and cross-link pages, images, and other assets between those sites, but will not be able to reference content elsewhere in your system.
To grant common read access to pages and images from two sites on the one Squiz Content Management Service instance:
-
Set up a single user with a meaningful name, such as Content API User - Site A and B.
-
Grant the user the appropriate permissions to both sites.
-
Configure the root node settings on the Content API token screen to limit its access to the relevant parts of those sites.
To grant read access to pages and images from separate sites on the same Squiz Content Management Service instance:
-
Set up a single user named Content API User - SiteA.
-
Set up another user named Content API User - SiteB.
-
Add the users to any groups so they inherit the correct permissions schemes.
-
Create two Content API tokens that are scoped to each site.
-
Configure the root node and user access permissons for each token.