Configure authentication for Adobe Target APIs

Last update: Mon Nov 13 2023 00:00:00 GMT+0000 (Coordinated Universal Time)

CREATED FOR:

Developer

The Adobe Target Admin APIs, including Recommendations Admin APIs, are secured by authentication to ensure only authorized users use them to access Adobe Target. Use the Adobe Developer Console to manage this authentication for all Adobe Experience Cloud solutions, including Adobe Target.

IMPORTANT

The Service Account (JWT) credentials describe in this article will be deprecated in favor of the new OAuth Server-to-Server credentials.

The Service Account (JWT) credentials will continue to work until January 1, 2025. You must migrate your application or integration to use the new OAuth Server-to-Server credential before January 1, 2025.

For more information and step-by-step instructions to migrate your integration, see Migrating from Service Account (JWT) credential to OAuth Server-to-Server credential in the Developer Console documentation.

For information to set up new OAuth credentials, see OAuth Server-to-Server credential implementation in the Developer Console documentation.

Here are the preliminary steps required to generate the legacy JWT authentication tokens needed to successfully interact with Adobe Target APIs:

Create a project (previously called integration) in the Adobe Developer Console.
Export project details to Postman.
Generate a bearer access token.
Test the bearer access token.

Pre-requisites

Resource

Details

Postman

In order to complete these steps successfully, get the Postman app for your operating system. Postman basic is free with account creation. While not required in order to use Adobe Target APIs in general, Postman makes API workflows easier, and Adobe Target provides several Postman collections to help execute its APIs and learn how they operate. The rest of this guide assumes working knowledge of Postman. For assistance, see the Postman documentation.

References

Familiarity with the following resources is assumed throughout the rest of this guide:

Create an Adobe I/O project

In this section, you will access the Adobe Developer Console and create a project for Adobe Target. For more information, reference the documentation on projects.

In the Adobe Admin Console, ensure your Adobe user account has been granted both Product Admin and Developer level access to Target.
In the Adobe Developer Console, select the Experience Cloud Organization for which you want to create this integration. (Note it is likely you may only have access to a single Experience Cloud Organization.)
Click Create new project.
Click Add API to add a REST API to your project to access Adobe services and products.
Select Adobe Target as the Adobe service you wish to integrate with. Click the Next button that appears.
Select an option for associating public and private keys with the service account integration you are creating for Target. For this example, select Option 1: Generate a key pair and click Generate keypair.
As instructed, make note of the automatically downloaded configuration file (config), which contains your private key. Click Next.
In your file system, verify the location of config, which is the compressed configuration file created in the previous step. Again, this config file contains your private key, which you will need later. The exact location within your file system may differ from the one shown here.
Back in the Adobe Developer Console, select the product profile(s) corresponding to the properties in which you are using Adobe Recommendations. (If you are not using properties, select the Default Workspace option.) Click Save configured API.
Click Create Integration. You should receive a temporary message indicating your API was successfully configured.
As a final step, rename your project to a name more meaningful than the original Project 1. To do this, navigate to the project using the navigation path as show, click Edit project to access the Edit Project modal, and rename the project.

NOTE

In this example, we name our project “Target Integration.” If you anticipate using your project for more than just Adobe Target, you may want to name it accordingly. For example, you might choose to name it “Adobe APIs” or “Experience Cloud APIs,” since it may be used with other solutions in the Adobe Experience Cloud.

Export project details

Now that you have an Adobe project you can use for accessing Target, you need to make sure to send details of that project along with your Adobe API requests. These details are required in order to interact with several Adobe APIs, including several Target APIs. For example, the integration details include authorization and authentication information required by the Target Admin APIs. Therefore, to use the APIs with Postman, you need to get those details into Postman.

There are many ways to specify the details of your project in Postman, but in this section, we take advantage of some pre-built features and collections. First (in this section), you will export the details of your integration into a Postman environment. Next (in the following section), you will generate a bearer access token to grant you access to the necessary Adobe resources.

NOTE

For video instructions applicable for any Experience Cloud solution, including Target, see Use Postman with Experience Platform APIs. The following sections are relevant to the Target APIs: 1. Create and export Experience Platform API to Postman 2. Generate an Access Token with Postman. These steps are also provided below.

Still in the Adobe Developer Console, navigate to view your new project’s Service Account (JWT) credentials. Use either the left navigation or the Credentials section as shown.

In Credential details, note you may view your Public key(s), Client ID, and other information related to your service account.
Click to navigate to information about the Adobe Target API. Use either the left navigation or the Connected products and services section as shown.
Click Download for Postman > Service Account (JWT) to create a JSON file capturing your authentication information for a Postman environment.

Note the JSON file in your file system.
In Postman, click the gear icon to manage your environments, then click Import to import the JSON file (environment).
Choose your file and click Open.
In the Postman Manage Environments modal, click the name of the newly imported environment to inspect it. (Your environment name may be different from the one shown here. Edit the name as desired. It does not necessarily need to match the name of the Adobe project.)
Note CLIENT_SECRET and API_KEY (along with other variables) have their values pre-populated, taken from your integration as defined in the Adobe Developer Console. (The Postman CLIENT_SECRET variable should match the CLIENT SECRET Adobe credential as displayed in the Developer Console, and API_KEY in Postman should likewise match CLIENT ID in the Developer Console.) By contrast, note PRIVATE_KEY, JWT_TOKEN, and ACCESS_TOKEN are blank. Let’s start by providing the PRIVATE_KEY value.
From your file system, open your config file, and open the private key file.
Select and copy the entire contents of the private key file.
In Postman, paste your private key value into the INITIAL VALUE and CURRENT VALUE fields.
Click Update, and close the Environments modal.

Generate the bearer access token

In this section, you generate your bearer access token, which is required for authenticating your interaction with Adobe Target APIs. To generate your bearer access token, you need to send your integration details (established in the preceding sections) to the Adobe Identity Management Service (IMS). There are a few different ways to do this, but in this guide we take advantage of a Postman collection containing a pre-built IMS call that makes the process direct and easy. Once you import the collection, you may reuse it whenever needed, to generate new tokens not only for Adobe Target, but other Adobe APIs as well.

Navigate to the Adobe Identity Management Service API sample calls.
Click the Adobe I/O Access Token Generation Postman collection.
Get the raw JSON for this collection by clicking Raw, then copying the resulting JSON to your clipboard. (Alternatively, you can save the raw JSON as a .json file.)
In Postman, import the collection by pasting and submitting the raw JSON from your clipboard. (Alternatively, you can upload the .json file you saved.) Click Continue.

Select the IMS: JWT Generate + Auth via User Token request in the Adobe I/O Access Token Generation Postman collection, ensure your environment is selected, and click Send to generate the token.

token5

note note
NOTE
This bearer access token will be valid for 24 hours. Send the request again whenever you need to generate a new token.

Open the Manage Environments modal again, and select your environment.
Note the ACCESS_TOKEN and JWT_TOKEN values are now populated.

Question: Do I have to use the Adobe I/O Access Token Generation Postman collection to generate the JSON Web Token (JWT) and bearer access token?

Answer: No. The Adobe I/O Access Token Generation Postman collection is available as a convenience to more easily generate the JWT and bearer access token in Postman. Alternatively, you can use capabilities within the Adobe Developer Console to manually generate the bearer access token.

Test the bearer access token

In this exercise, you will use your new bearer access token by sending an API request that retrieves a list of activities from your Target account. A successful response indicates your Adobe project and authentication are operating as expected in order to use the API.

Import the Adobe Target Admin APIs Postman Collection. Follow all prompts until the collection is imported in Postman.
Expand the collection, and note the List activities request.
Note that variables such as {{access_token}} are initially unresolved. You could resolve this in several different ways—for example, you could define a new collection variable called {{access_token}}—but in this guide, you will instead change the API request to leverage the Postman environment you were previously using. This will enable the environment to continue to serve as a single, consistent consolidation of all variables common across Adobe APIs.
Type to replace {{access_token}} with {{ACCESS_TOKEN}}.
Type to replace {{api_key}} with {{API_KEY}}.
Type to replace {{tenant}} with {{TENANT_ID}}. Note {{TENANT_ID}} is not yet recognized.
Open the Manage Environments modal, and select your environment.

Type to add a new {{TENANT_ID}} environment variable. Copy and paste your Tenant ID value into the INITIAL VALUE and CURRENT VALUE fields for your new TENANT_ID environment variable.

testtoken5

note note

NOTE

The Tenant ID is different from your Target clientcode. The Tenant ID exists in the URL when you are logged in to Target. To obtain your Tenant ID, log in to the Adobe Experience Cloud, open Target, and click the Target card. Use the Tenant ID value as noted in the URL subdomain. For example, if your URL when logged in to Adobe Target is <https://mycompany.experiencecloud.adobe.com/...> then your Tenant ID is “mycompany.”

Send your request, after ensuring you have selected the correct environment. You should receive a response containing your list of activities.

Now that you have verified your Adobe authentication, you can use it to interact with Adobe Target APIs (as well as other Adobe APIs). For example, you can Use Recommendations APIs to create or manage recommendations, or you can use it with the Target Delivery API.

recommendation-more-help

6906415f-169c-422b-89d3-7118e147c4e3