Authentication
Learn how to authenticate requests to Illustrator API.
Overview
Every request made to Illustrator API must include an encrypted access token.
Your secure, server-side application retrieves an access token by making a request to the Adobe Identity Management System (IMS) with your Client ID and Client Secret.
Prerequisites
This tutorial assumes you have worked with your Adobe representative and have the following:
- An Adobe Developer Console account.
- A project with Illustrator API OAuth Server-to-Server credentials set up.
- Access to your Client ID and Client Secret from the Adobe Developer Console project. Securely store these credentials and never expose them in client-side or public code.
Retrieve an access token
A temporary access token validates calls to the API. You can generate an access token can directly in the Developer Console, or programmatically by following the steps below.
- Open a secure terminal and export your Client ID and Client Secret as environment variables so that later commands can access them:
export ILLUSTRATOR_API_CLIENT_ID=<Your_Client_ID>
export ILLUSTRATOR_API_CLIENT_SECRET=<Your_Client_Secret>
- Run the following command to generate an access token:
curl --location 'https://ims-na1.adobelogin.com/ims/token/v3' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode "client_id=ILLUSTRATOR_API_CLIENT_ID" \
--data-urlencode "client_secret=ILLUSTRATOR_API_CLIENT_SECRET" \
--data-urlencode 'scope=openid, AdobeID, ff_apis, firefly_enterprise, illustrator_services_beta'
The response will look like this:
{
"access_token": "exampleAccessTokenAsdf123",
"token_type": "bearer",
"expires_in": 86399
}
The response includes an expires_in field that specifies the length of time, in seconds, that the access token is valid. After the access token expires, your application must request a new token.
- Export your access token as an environment variable:
export ILLUSTRATOR_API_ACCESS_TOKEN=<Your_Access_Token>