Configure authentication for Adobe Target APIs
The Adobe Target Admin APIs, including Recommendations Admin APIs, are secured by authentication to ensure only authorized users use them to access Adobe Target. Use the Adobe Developer Console to manage this authentication for all Adobe Experience Cloud solutions, including Adobe Target.
Here are the preliminary steps required to generate the legacy JWT authentication tokens needed to successfully interact with Adobe Target APIs:
- Create a project (previously called integration) in the Adobe Developer Console.
- Export project details to Postman.
- Generate a bearer access token.
- Test the bearer access token.
Pre-requisites
Familiarity with the following resources is assumed throughout the rest of this guide:
Create an Adobe I/O project
In this section, you will access the Adobe Developer Console and create a project for Adobe Target. For more information, reference the documentation on projects.
-
In the Adobe Admin Console, ensure your Adobe user account has been granted both Product Admin and Developer level access to Target.
-
In the Adobe Developer Console, select the Experience Cloud Organization for which you want to create this integration. (Note it is likely you may only have access to a single Experience Cloud Organization.)
-
Click Create new project.
-
Click Add API to add a REST API to your project to access Adobe services and products.
-
Select Adobe Target as the Adobe service you wish to integrate with. Click the Next button that appears.
-
Select an option for associating public and private keys with the service account integration you are creating for Target. For this example, select Option 1: Generate a key pair and click Generate keypair.
-
As instructed, make note of the automatically downloaded configuration file (
config
), which contains your private key. Click Next. -
In your file system, verify the location of
config
, which is the compressed configuration file created in the previous step. Again, thisconfig
file contains your private key, which you will need later. The exact location within your file system may differ from the one shown here. -
Back in the Adobe Developer Console, select the product profile(s) corresponding to the properties in which you are using Adobe Recommendations. (If you are not using properties, select the Default Workspace option.) Click Save configured API.
-
Click Create Integration. You should receive a temporary message indicating your API was successfully configured.
-
As a final step, rename your project to a name more meaningful than the original
Project 1
. To do this, navigate to the project using the navigation path as show, click Edit project to access the Edit Project modal, and rename the project.
Export project details
Now that you have an Adobe project you can use for accessing Target, you need to make sure to send details of that project along with your Adobe API requests. These details are required in order to interact with several Adobe APIs, including several Target APIs. For example, the integration details include authorization and authentication information required by the Target Admin APIs. Therefore, to use the APIs with Postman, you need to get those details into Postman.
There are many ways to specify the details of your project in Postman, but in this section, we take advantage of some pre-built features and collections. First (in this section), you will export the details of your integration into a Postman environment. Next (in the following section), you will generate a bearer access token to grant you access to the necessary Adobe resources.
-
Still in the Adobe Developer Console, navigate to view your new project’s Service Account (JWT) credentials. Use either the left navigation or the Credentials section as shown.
In Credential details, note you may view your Public key(s), Client ID, and other information related to your service account.
-
Click to navigate to information about the Adobe Target API. Use either the left navigation or the Connected products and services section as shown.
-
Click Download for Postman > Service Account (JWT) to create a JSON file capturing your authentication information for a Postman environment.
Note the JSON file in your file system.
-
In Postman, click the gear icon to manage your environments, then click Import to import the JSON file (environment).
-
Choose your file and click Open.
-
In the Postman Manage Environments modal, click the name of the newly imported environment to inspect it. (Your environment name may be different from the one shown here. Edit the name as desired. It does not necessarily need to match the name of the Adobe project.)
-
Note
CLIENT_SECRET
andAPI_KEY
(along with other variables) have their values pre-populated, taken from your integration as defined in the Adobe Developer Console. (The PostmanCLIENT_SECRET
variable should match theCLIENT SECRET
Adobe credential as displayed in the Developer Console, andAPI_KEY
in Postman should likewise matchCLIENT ID
in the Developer Console.) By contrast, notePRIVATE_KEY
,JWT_TOKEN
, andACCESS_TOKEN
are blank. Let’s start by providing thePRIVATE_KEY
value. -
From your file system, open your
config
file, and open theprivate
key file. -
Select and copy the entire contents of the
private
key file. -
In Postman, paste your private key value into the INITIAL VALUE and CURRENT VALUE fields.
-
Click Update, and close the Environments modal.
Generate the bearer access token
In this section, you generate your bearer access token, which is required for authenticating your interaction with Adobe Target APIs. To generate your bearer access token, you need to send your integration details (established in the preceding sections) to the Adobe Identity Management Service (IMS). There are a few different ways to do this, but in this guide we take advantage of a Postman collection containing a pre-built IMS call that makes the process direct and easy. Once you import the collection, you may reuse it whenever needed, to generate new tokens not only for Adobe Target, but other Adobe APIs as well.
-
Navigate to the Adobe Identity Management Service API sample calls.
-
Click the Adobe I/O Access Token Generation Postman collection.
-
Get the raw JSON for this collection by clicking Raw, then copying the resulting JSON to your clipboard. (Alternatively, you can save the raw JSON as a .json file.)
-
In Postman, import the collection by pasting and submitting the raw JSON from your clipboard. (Alternatively, you can upload the .json file you saved.) Click Continue.
-
Select the IMS: JWT Generate + Auth via User Token request in the Adobe I/O Access Token Generation Postman collection, ensure your environment is selected, and click Send to generate the token.
note note NOTE This bearer access token will be valid for 24 hours. Send the request again whenever you need to generate a new token. -
Open the Manage Environments modal again, and select your environment.
-
Note the
ACCESS_TOKEN
andJWT_TOKEN
values are now populated.
Question: Do I have to use the Adobe I/O Access Token Generation Postman collection to generate the JSON Web Token (JWT) and bearer access token?
Answer: No. The Adobe I/O Access Token Generation Postman collection is available as a convenience to more easily generate the JWT and bearer access token in Postman. Alternatively, you can use capabilities within the Adobe Developer Console to manually generate the bearer access token.
Test the bearer access token
In this exercise, you will use your new bearer access token by sending an API request that retrieves a list of activities from your Target account. A successful response indicates your Adobe project and authentication are operating as expected in order to use the API.
-
Import the Adobe Target Admin APIs Postman Collection. Follow all prompts until the collection is imported in Postman.
-
Expand the collection, and note the List activities request.
-
Note that variables such as
{{access_token}}
are initially unresolved. You could resolve this in several different ways—for example, you could define a new collection variable called{{access_token}}
—but in this guide, you will instead change the API request to leverage the Postman environment you were previously using. This will enable the environment to continue to serve as a single, consistent consolidation of all variables common across Adobe APIs. -
Type to replace
{{access_token}}
with{{ACCESS_TOKEN}}
. -
Type to replace
{{api_key}}
with{{API_KEY}}
. -
Type to replace
{{tenant}}
with{{TENANT_ID}}
. Note{{TENANT_ID}}
is not yet recognized. -
Open the Manage Environments modal, and select your environment.
-
Type to add a new
{{TENANT_ID}}
environment variable. Copy and paste your Tenant ID value into the INITIAL VALUE and CURRENT VALUE fields for your newTENANT_ID
environment variable.note note NOTE The Tenant ID is different from your Target clientcode
. The Tenant ID exists in the URL when you are logged in to Target. To obtain your Tenant ID, log in to the Adobe Experience Cloud, open Target, and click the Target card. Use the Tenant ID value as noted in the URL subdomain. For example, if your URL when logged in to Adobe Target is<https://mycompany.experiencecloud.adobe.com/...>
then your Tenant ID is “mycompany.” -
Send your request, after ensuring you have selected the correct environment. You should receive a response containing your list of activities.
Now that you have verified your Adobe authentication, you can use it to interact with Adobe Target APIs (as well as other Adobe APIs). For example, you can Use Recommendations APIs to create or manage recommendations, or you can use it with the Target Delivery API.