Authentication

Learn how to authenticate requests to Firefly APIs

Overview

Every request made to Firefly APIs must include an encrypted access token. Your secure, server-side application retrieves an access token by making a request to the Adobe Identity Management System (IMS) with your Client ID and Client Secret.

Prerequisites

This tutorial assumes you have worked with your Adobe Representative and have the following:

An Adobe Developer Console account.
A project with Firefly API OAuth Server-to-Server credentials set up.
Access to your Client ID and Client Secret from the Adobe Developer Console project. Securely store these credentials and never expose them in client-side or public code.

Retrieve an access token

First, open a secure terminal and export your Client ID and Client Secret as environment variables so that your later commands can access them:

export FIREFLY_SERVICES_CLIENT_ID=<your_Client_ID>
export FIREFLY_SERVICES_CLIENT_SECRET=<your_Client_Secret>
Copied to your clipboard
export FIREFLY_SERVICES_CLIENT_ID=<your_Client_ID>
export FIREFLY_SERVICES_CLIENT_SECRET=<your_Client_Secret>

Next, run the following command to generate an access token:

curl --location 'https://ims-na1.adobelogin.com/ims/token/v3' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode "client_id=$FIREFLY_SERVICES_CLIENT_ID" \
--data-urlencode "client_secret=$FIREFLY_SERVICES_CLIENT_SECRET" \
--data-urlencode 'scope=openid,AdobeID,session,additional_info,read_organizations,firefly_api,ff_apis'
Copied to your clipboard
curl --location 'https://ims-na1.adobelogin.com/ims/token/v3' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode "client_id=$FIREFLY_SERVICES_CLIENT_ID" \
--data-urlencode "client_secret=$FIREFLY_SERVICES_CLIENT_SECRET" \
--data-urlencode 'scope=openid,AdobeID,session,additional_info,read_organizations,firefly_api,ff_apis'

The response will look like this:

{"access_token":"yourExampleTokenAsdf123","token_type":"bearer","expires_in":86399}
Copied to your clipboard
{"access_token":"yourExampleTokenAsdf123","token_type":"bearer","expires_in":86399}

Notice how the response includes an expires_in field, which informs you of how many more seconds the access token is valid for. Each access token is valid for 24 hours, after which your secure server-side application will need to request a new token. A best practice is securely store the token and refresh it before it expires.

Export your access token as an environment variable:

export FIREFLY_SERVICES_ACCESS_TOKEN=yourExampleTokenAsdf123
Copied to your clipboard
export FIREFLY_SERVICES_ACCESS_TOKEN=yourExampleTokenAsdf123

Ready to put your API authentication to use? Continue to the Generate Images API guide.

Quickstart

Adobe Developer Console

Last updated 6/2/2025

Was this helpful?

Yes

Authentication

Overview.css-83mclq{margin-left:var(--spectrum-global-dimension-size-100);}

Prerequisites

Retrieve an access token

Overview