Sometimes it becomes necessary to use an API without the token, such as for navigation menus or public content or documents. but when we use Liferay’s headless APIs, it will not allow us to use those APIs without a valid token. but as an admin of Liferay, we can configure any endpoint that will work without the token.
Liferay’s service access policy is capable of handling these rules. In this blog, we will explain to you one use case for which we needed to use one headless API without any token.
Here you go…
Use case: We need to use Liferay’s navigation menu API without authentication.
If you see, we cannot use this API without logging in to Liferay.
Now we will log in using admin.
We will navigate to the Control panel > Security > Service Access Policy.
Create a new service access policy.
Get the class name of the headless API you want to use. For this example, “com.liferay.headless.delivery.internal.resource.v1_0.NavigationMenuResourceImpl” is the class, and “getNavigationMenu“ is the method.
For this, we will do the below settings in the new service access policy. We are using advanced mode here.
Save this setting. Now we will be able to use the API without logging in.
