Edit in GitHubLog an issue

OAuth Server-to-Server credential API Reference

Following is an API reference for Adobe Identity Management Services (IMS) APIs.

Fetching access tokens

The OAuth Server-to-server credential uses the client_credentials grant to generate access tokens.

Parameters

Parameters can be sent in the body or as query parameters. Passing parameters in the body is recommended for sensitive data, as query parameters may be logged by app servers.

ParameterMandatoryDescription
grant_typeYesValue should always be client_credentials
client_idYesThe Client ID obtained from the Adobe Developer Console
client_secretYesThe value of client secret obtained from the Adobe Developer Console
scopeYesThe list of comma separated scopes you are requesting. To see the scopes available to your credential, visit your project on the Adobe Developer Console

Request for OAuth Server-to-Server credential

Copied to your clipboard
1curl -X POST 'https://ims-na1.adobelogin.com/ims/token/v3' \
2 -H 'Content-Type: application/x-www-form-urlencoded' \
3 -d 'client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}&grant_type=client_credentials&scope={SCOPE}'

Sample Response

Copied to your clipboard
1{
2 "access_token": "{ACCESS_TOKEN}",
3 "token_type": "bearer",
4 "expires_in": 86399
5}

Refreshing access tokens

You do not need a refresh token for OAuth Server-to-Server credentials. You can always request a new access token directly using your client_id, client_secret, and scopes. See fetching access tokens.

List all client secrets

Pre-requisite: You need to add I/O Management API to your project for fetching the list of secrets. See Add API to a Project

Note: No client_secret values are returned by this API. Only the secret uuid and other metadata is returned.

Parameters

ParameterWhereMandatoryDescription
org_idURLYesFor instructions on where to find the org_id, see step 2 and 3 on our guide to rotate secrets programmatically
credential_idURLYesFor instructions on where to find the credential_id, see step 2 and 3 on our guide to rotate secrets programmatically
client_idHeadersYesThe Client ID obtained from the Adobe Developer Console
access_tokenHeadersYesFor instructions on how to generate an access token, see step 5 on our guide to rotate secrets programmatically

Request for OAuth Server-to-Server credential

Copied to your clipboard
1curl -X GET 'https://api.adobe.io/console/organizations/{org_id}/credentials/{credential_id}/secrets' \
2 -H 'Authorization: Bearer {access_token}' \
3 -H 'x-api-key: {client_id}'

Sample Response

200 OK

Copied to your clipboard
1{
2 "client_id": "e053e1a87cf74c68a6ec8e71d4a82662",
3 "client_secrets": [
4 {
5 "expires_at": "PERMANENT",
6 "expires_at_str": "PERMANENT",
7 "created_at": "1682448485000",
8 "created_at_str": "Tue, Apr 25 2023 18:48:05.000 UTC",
9 "uuid": "11ede399b68b57a5aca6a96b8b6487c9",
10 "secret_usages": null
11 },
12 {
13 "expires_at": "PERMANENT",
14 "expires_at_str": "PERMANENT",
15 "created_at": "1683005777000",
16 "created_at_str": "Tue, May 2 2023 05:36:17.000 UTC",
17 "uuid": "11ede8ab42f138f3abe335d886a407fb",
18 "secret_usages": [
19 {
20 "last_used_at": "1683162010101",
21 "grant_type": "client_credentials"
22 }
23 ]
24 }
25 ]
26}

Note: the created_at and last_used_at values are in milliseconds since UNIX epoch.

Add client secret to credential

You can add up to 2 client secrets for an OAuth Server-to-Server credential.

Pre-requisite: You need to add I/O Management API to your project for adding client secret to the credential. See Add API to a Project

Note: The API response contains the the client_secret that was added and its uuid. This client_secret will never be returned in plain text by any other API response. However, you can still find it on the Developer Console UI.

Parameters

ParameterWhereMandatoryDescription
org_idURLYesFor instructions on where to find the org_id, see step 2 and 3 on our guide to rotate secrets programmatically
credential_idURLYesFor instructions on where to find the credential_id, see step 2 and 3 on our guide to rotate secrets programmatically
client_idHeadersYesThe Client ID obtained from the Adobe Developer Console
access_tokenHeadersYesFor instructions on how to generate an access token, see step 5 on our guide to rotate secrets programmatically

Request for OAuth Server-to-Server credential

Copied to your clipboard
1curl -X POST 'https://api.adobe.io/console/organizations/{org_id}/credentials/{credential_id}/secrets' \
2 -H 'Authorization: Bearer {access_token}' \
3 -H 'x-api-key: {client_id}'

Sample Response

201 Created

Copied to your clipboard
1{
2 "expires_at": "PERMANENT",
3 "expires_at_str": "PERMANENT",
4 "client_secret": "XXXXXXXXXXXXX",
5 "created_at": "1683005777000",
6 "created_at_str": "Tue, May 2 2023 05:36:17.000 UTC",
7 "uuid": "11ede8ab42f138f3abe335d886a407fb",
8 "secret_usages": null
9}

Note: the created_at and last_used_at values are in milliseconds since UNIX epoch.

Remove client secret from credential

Pre-requisite: You need to add I/O Management API to your project for removing client secret from the credential. See Add API to a Project

Note: you need the secret uuid to delete a secret. You cannot use the plain text client_secret value to identify which secret to delete.

Parameters

ParameterWhereMandatoryDescription
org_idURLYesFor instructions on where to find the org_id, see step 2 and 3 on our guide to rotate secrets programmatically
credential_idURLYesFor instructions on where to find the credential_id, see step 2 and 3 on our guide to rotate secrets programmatically
uuidURLYesThe uuid of the secret you wish to delete. See the list all secrets API to get the secret's uuid.
client_idHeadersYesThe Client ID obtained from the Adobe Developer Console
access_tokenHeadersYesFor instructions on how to generate an access token, see step 5 on our guide to rotate secrets programmatically

Request for OAuth Server-to-Server credential

Copied to your clipboard
1curl -X DELETE 'https://api.adobe.io/console/organizations/{org_id}/credentials/{credential_id}/secrets/{uuid}' \
2 -H 'Authorization: Bearer {access_token}' \
3 -H 'x-api-key: {client_id}'

Sample Response

204 No Content

  • Privacy
  • Terms of Use
  • Do not sell or share my personal information
  • AdChoices
Copyright © 2023 Adobe. All rights reserved.