Configuring Public Access to Clarity's Blog APIs

Liferay's service access policies control remote access to web services, ensuring only permitted methods are invoked. Proper configuration protects your environment by restricting access to approved entities, while enabling secure retrieval of sensitive data. To use these policies, you must identify the specific service you want to share—represented by a "service signature"—and create a policy that authorizes it for public or restricted use. Clarity’s team would like to test publicizing endpoints with service access policies.

In these exercises, you’ll configure a service access policy to securely fetch and display Clarity’s blogs.

Exercise: Retrieving Clarity's Blogs with Headless APIs

Here, you'll consume headless APIs to retrieve Clarity's existing blog posts and access the blogs API endpoint to verify its service signature (used to connect the component via the installed service class’s fully qualified name).

  1. Sign in as the Clarity Admin user.

    • Username: admin@clarityvisionsolutions.com
    • Password: learn

  2. Open the Site Menu (Site Menu), expand Configuration, and click Site Settings.

  3. Under the Platform section, click Site Configuration.

  4. From the Details tab, copy the Site ID for use in a later step.

    From the Details tab, copy the Site ID for use in a later step.

  5. Navigate to the API Explorer at http://localhost:8080/o/api.

  6. Within the default Headless Delivery REST application, search for the getSiteBlogPostingsPage BlogPosting endpoint.

    Search for the BlogPosting endpoint.

    This endpoint has a single required parameter: the siteId.

  7. Enter your Site ID value as the siteId parameter of the getSiteBlogPostingsPage endpoint.

    Enter your Site ID value in the endpoint's parameter.

  8. Click Execute.

    Click Execute and check the response.

    These useful details appear:

    • Curl command for executing this request from a terminal or third-party platform.
    • Request URL.
    • HTTP Response code.
    • Response body containing a list of blog postings from the Clarity Public Enterprise website.
    • Response headers.

  9. Search for "headline" within the response body to review the returned blog titles.
    Next, you'll test calling the request URL using the same method as Clarity's dashboards.

  10. Copy the Request URL of the endpoint for later steps.

    Copy the Request URL of the endpoint for later steps.

  11. Open a new browser window in Incognito mode and paste the Request URL.

  12. You will see the following error message indicating that access is denied:

    <Forbidden xmlns="">
<message>Access denied to com.liferay.headless.delivery.internal.resource.v1_0.BlogPostingResourceImpl#getSiteBlogPostingsPage</message>
</Forbidden>
    This error provides valuable information by displaying the BlogPosting service signature, which you will use to configure the service access policy. 
    com.liferay.headless.delivery.internal.resource.v1_0.BlogPostingResourceImpl

Great! You've retrieved Clarity's blog posts and verified the required service signature.

Exercise: Creating Clarity's Blogs Service Access Policy

Here, you'll configure a service access policy to enable public access to the blog posting API endpoint for Clarity's dashboards.

  1. Signed in as the Clarity Admin on your Liferay instance, open the Global Menu (Global Menu), go to the Control Panel tab, and click Service Access Policy.

  2. Click New.

  3. Enter the following information for the new service access policy:

    • Name: BLOGS_POSTING_API_ACCESS
    • Enabled: True
    • Default: True
    • Title: Grants access to the BLOGS POSTING API requests

  4. Click Switch to Advanced Mode.

  5. Within Allowed Service Signatures, paste the previously identified service signature:

    com.liferay.headless.delivery.internal.resource.v1_0.BlogPostingResourceImpl

    Within Allowed Service Signatures, paste the previously identified service signature.

  6. Click Save.
    Now, you'll retry calling the REST API's request URL to simulate an API call from a dashboard.

  7. Open a new browser window in Incognito mode and navigate to the Request URL copied in the previous exercise.

    Open a new browser window in Incognito mode and navigate to the Request URL copied in the previous exercise.

You should now see a list of blog posts available to display within dashboards, as public access has been granted through the configured service access policy.

Conclusion

Great! You've successfully configured Clarity's API access by enabling public access for blog content and securing document data with OAuth2 authentication. This approach balances open access for public resources while enforcing security for restricted assets, keeping Clarity's integrations both accessible and protected.

Next, you'll learn how to consume the API in both frontend and backend contexts.

Loading Knowledge