Edit in GitHubLog an issue

Authentication

Authentication Headers#

Every inbound HTTP API call to the Cloud Manager API must contain these three headers:

  • x-api-key
  • x-gw-ims-org-id
  • Authorization

The values which should be sent in the x-api-key and x-gw-ims-org-id headers are provided in the Credentials details screen in the Adobe Developer Console. The value of the x-api-key header is the Client ID and the value for the x-gw-ims-org-id header is the Organization ID.

Credential details

The Authorization header's value is in the form Bearer followed by a generated access token, e.g. Bearer somelongtokenvalue.

Generating an Access Token#

Manual Generation Using Adobe Developer Console#

Generating an access token can be done by navigating to the Cloud Manager API page for the project in the Adobe Developer Console and pasting the private key for the project.

Generate Access Token

Upon clicking the Generate Token button, an access token will be generated and can be copied to the clipboard.

Generated Access Token

Access tokens generated in this fashion will be valid for 24 hours, after which a new token must be generated.

Programatic Generation#

Programmatic generation of an access token is done by generating a JSON Web Token (JWT) and exchanging it with the Adobe Identity Management Service (IMS) for an access token.

The JWT is constructed as a JSON object with these keys, referred to as claims:

  • exp- the requested expiration of the access token, expressed as a number of seconds since January 1st 1970 GMT. For most use cases, this should be a relatively small value, e.g. 5 minutes. For example, for five minutes from now, this value should be 1656458629.
  • iss - the Organization ID from the Adobe Developer Console project, in the format org_ident@AdobeOrg.
  • sub - the Technical Account ID from the Adobe Developer Console integration, in the format: id@techacct.adobe.com.
  • aud - the Client ID from the Adobe Developer Console integration prepended with https://ims-na1.adobelogin.com/c/.
  • https://ims-na1.adobelogin.com/s/ent_cloudmgr_sdk - set to the literal value true.

This JSON object must be then base64 encoded and signed using the private key for the project.

Finally, the encoded value is sent in the body of a POST request to https://ims-na1.adobelogin.com/ims/exchange/jwt along with the Client ID and Client Secret for the project.

Language Support for JWT#

While it is possible to do the entire JWT generation and exchange process in custom code, it is more common to use a higher-level library to do so. A number of such libraries are listed on the Adobe I/O JWT Documentation.

  • Privacy
  • Terms of Use
  • Do not sell my personal information
  • AdChoices
Copyright © 2022 Adobe. All rights reserved.