World is now on Opti ID! Learn more

AI OnAI Off
Mark Hall
Mark Hall  -  Commerce
Feb 13, 2015
  3087
(0 votes)

Important Updates to the ServiceApi

We have released a new version of the EPiServer.ServiceApi and I wanted to highlight some important features over the last two releases.  As of version 1.2.0 the ServiceApi is now split out into two packages.

  • EPiServer.ServiceApi - this is the base package that only has dependency to EPiServer.Cms.Core.  This package will allow you to import media as well as episerverdata files.
  • EpiServer.ServiceApi.Commerce - this is the commerce package that has a dependency to EPiServer.Commerce.Core.  This package adds functionality to import catalog content and some restful operations for workng with catalog content.

As of version 1.3.0 all actions require permissions.  This means the user getting an auth token must have access to the permissions to use the functions.  The permissions are done with the new permissions to functions introduced in EPiServer.Cms.Core 7.19.1.  The ServiceApi has two permissions read and write.  Any function that manipulates data will require write access while all other require read access.  By default when instaling version 1.3.0 the administrators role is granted read and write access. 

If you would like to use the ServiceApi read and write permissions in your own webapi controlllers, you can decorate your method like below.  You also have the ability to create your own permissions and use with the AuthorizePermission attribute.

[Route("myroute", Name = "mymethod")]
[HttpGet]
[AcceptVerbs("GET")]
[ResponseType(typeof(IEnumerable<Models.MyModel>))]
[EPiServer.ServiceApi.Configuration.AuthorizePermission(EPiServer.ServiceApi.Configuration.Permissions.GroupName, EPiServer.ServiceApi.Configuration.Permissions.Read)]
public virtual IHttpActionResult MyMethod()
{
        if (!ModelState.IsValid)
        {
            return BadRequest(ModelState);
        }
        return Ok(ModelFactory.GetMyMethod());
}

ServiceAPi automatically registers controllers with attribute routing so this allows you to use the permissions in your own webapi controllers.  We needed to add a new AuthorizePermission for webapi controllers, the one introduced in EPiServer.Web.Mvc is only for mvc controllers.

There were also some additional security updates which lead the removal of httpmodule EPiServer.ServiceApi.IntegrationAuthorizationModule.

Feb 13, 2015

Comments

Please login to comment.
Latest blogs
Make Global Assets Site- and Language-Aware at Indexing Time

I had a support case the other day with a question around search on global assets on a multisite. This is the result of that investigation. This co...

dada | Jun 26, 2025

The remote server returned an error: (400) Bad Request – when configuring Azure Storage for an older Optimizely CMS site

How to fix a strange issue that occurred when I moved editor-uploaded files for some old Optimizely CMS 11 solutions to Azure Storage.

Tomas Hensrud Gulla | Jun 26, 2025 |

Enable Opal AI for your Optimizely products

Learn how to enable Opal AI, and meet your infinite workforce.

Tomas Hensrud Gulla | Jun 25, 2025 |

Deploying to Optimizely Frontend Hosting: A Practical Guide

Optimizely Frontend Hosting is a cloud-based solution for deploying headless frontend applications - currently supporting only Next.js projects. It...

Szymon Uryga | Jun 25, 2025

World on Opti ID

We're excited to announce that world.optimizely.com is now integrated with Opti ID! What does this mean for you? New Users:  You can now log in wit...

Patrick Lam | Jun 22, 2025

Avoid Scandinavian Letters in File Names in Optimizely CMS

Discover how Scandinavian letters in file names can break media in Optimizely CMS—and learn a simple code fix to automatically sanitize uploads for...

Henning Sjørbotten | Jun 19, 2025 |

See all blogs