Authenticate and access Experience Platform APIs
This document provides a step-by-step tutorial for gaining access to an ÃÛ¶¹ÊÓƵ Experience Platform developer account in order to make calls to Experience Platform APIs. At the end of this tutorial, you will have generated or collected the following credentials that are required as headers in all Platform API calls:
{ACCESS_TOKEN}
{API_KEY}
{ORG_ID}
{SANDBOX_NAME}
to be provided as a header. See the sandboxes overview for more information about sandboxes and the sandbox management endpoint documentation for information about listing the sandboxes available to your organization.To maintain the security of your applications and users, all requests to Experience Platform APIs must be authenticated and authorized using standards such as OAuth.
This tutorial covers how to gather the required credentials to authenticate Platform API calls, as outlined in the flowchart below. You can gather most of the required credentials in the initial one-time setup. The access token, however, must be refreshed every 24-hours.
Prerequisites prerequisites
In order to successfully make calls to Experience Platform APIs, you must have the following:
- An organization with access to ÃÛ¶¹ÊÓƵ Experience Platform.
- An Admin Console administrator that is able to add you as a developer and a user for a product profile.
- An Experience Platform system administrator who can grant you the necessary attribute based access controls to perform read or write operations on different parts of Experience Platform through APIs.
You must also have an ÃÛ¶¹ÊÓƵ ID to complete this tutorial. If you do not have an ÃÛ¶¹ÊÓƵ ID, you can create one using the following steps:
- Go to .
- Select Create a new account.
- Complete the sign-up process.
Gain developer and user access for Experience Platform gain-developer-user-access
Before creating integrations on ÃÛ¶¹ÊÓƵ Developer Console, your account must have developer and user permissions for an Experience Platform product profile in ÃÛ¶¹ÊÓƵ Admin Console.
Gain developer access gain-developer-access
Contact an Admin Console administrator in your organization to add you as a developer to an Experience Platform product profile using the . See the Admin Console documentation for specific instructions on how to .
Once you are assigned as a developer, you can start creating integrations in . These integrations are a pipeline from external apps and services to ÃÛ¶¹ÊÓƵ APIs.
Gain user access gain-user-access
Your Admin Console administrator must also add you as a user to the same product profile. With user access, you can see in the UI the outcome of the API operations that you perform.
See the guide on for more information.
Generate an API key (client ID) and organization ID generate-credentials
After you have been given developer and user access to Platform through Admin Console, the next step is to generate your {ORG_ID}
and {API_KEY}
credentials in ÃÛ¶¹ÊÓƵ Developer Console. These credentials only need to be generated once and can be reused in future Platform API calls.
Add Experience Platform to a project add-platform-to-project
Go to and sign in with your ÃÛ¶¹ÊÓƵ ID. Next, follow the steps outlined in the tutorial on in the ÃÛ¶¹ÊÓƵ Developer Console documentation.
Once you have created a new project, select Add API on the Project Overview screen.
The Add an API screen appears. Select the product icon for ÃÛ¶¹ÊÓƵ Experience Platform, then choose Experience Platform API before selecting Next.
Select the OAuth Server-to-Server authentication type select-oauth-server-to-server
Next, select the OAuth Server-to-Server authentication type to generate access tokens and access the Experience Platform API.
Select the product profiles for your integration select-product-profiles
In the Configure API screen, select AEP-Default-All-Users.
Select Save configured API when you are ready.
A walkthrough of the steps described above to set up an integration with the Experience Platform API is also available in the video tutorial below:
Gather credentials gather-credentials
Once the API has been added to the project, the Experience Platform API page for the project displays the following credentials that are required in all calls to Experience Platform APIs:
{API_KEY}
(Client ID){ORG_ID}
(Organization ID)
Generate an access token generate-access-token
The next step is to generate an {ACCESS_TOKEN}
credential for use in Platform API calls. Unlike the values for {API_KEY}
and {ORG_ID}
, a new token must be generated every 24 hours to continue using Platform APIs. Select Generate access token, as shown below.
Create and retrieve authentication credentials directly in the API reference documentation get-credentials-functionality
Starting with the November 2024 release of Experience Platform, you can get credentials to use the Experience Platform APIs directly from the API reference pages, without needing to go to Developer Console. View the example below from the .
To get credentials to call Platform APIs, navigate to any Experience Platform API reference page and select Sign in at the top of the page. Sign in with your Personal Account or Company or School Account.
After signing in, select Create new credential to create a new set of credentials to access Platform APIs.
Next, use the dropdown selector to open the credentials window, generate an access token, and get your API key and organization ID. Copy the credentials into the Try it blocks on the API reference pages to start working with Platform APIs.
[Deprecated]{class="badge negative"} Generate a JSON Web Token (JWT) jwt
The next step is to generate a JSON Web Token (JWT) based on your account credentials. This value is used to generate your {ACCESS_TOKEN}
credential for use in Platform API calls, which must be regenerated every 24 hours.
note important |
---|
IMPORTANT |
For the purposes of this tutorial, the steps below outline how to generate a JWT within Developer Console. However, this generation method should only be used for testing and evaluation purposes. |
For regular use, the JWT must be generated automatically. For more information on how to programmatically generate JWTs, see the on ÃÛ¶¹ÊÓƵ Developer. |
Select Service Account (JWT) in the left navigation, then select Generate JWT.
In the textbox provided under Generate custom JWT, paste the contents of the private key that you previously generated when adding the Platform API to your service account. Then, select Generate Token.
The page updates to show the generated JWT, along with a sample cURL command that allows you to generate an access token. For the purposes of this tutorial, select Copy next to Generated JWT to copy the token to your clipboard.
Generate an access token
Once you have generated a JWT, you can use it in an API call to generate your {ACCESS_TOKEN}
. Unlike the values for {API_KEY}
and {ORG_ID}
, a new token must be generated every 24 hours to continue using Platform APIs.
Request
The following request generates a new {ACCESS_TOKEN}
based on the credentials provided in the payload. This endpoint only accepts form data as its payload, and therefore it must be given a Content-Type
header of multipart/form-data
.
code language-shell |
---|
|
table 0-row-2 1-row-2 2-row-2 3-row-2 | |
---|---|
Property | Description |
{API_KEY} |
The {API_KEY} (Client ID) that you retrieved in a previous step. |
{SECRET} |
The client secret that you retrieved in a previous step. |
{JWT} |
The JWT that you generated in a previous step. |
note note |
---|
NOTE |
You can use the same API key, client secret, and JWT to generate a new access token for each session. This allows you to automate access token generation in your applications. |
Response
code language-json |
---|
|
table 0-row-2 1-row-2 2-row-2 3-row-2 | |
---|---|
Property | Description |
token_type |
The type of token being returned. For access tokens, this value is always bearer . |
access_token |
The generated {ACCESS_TOKEN} . This value, prefixed with the word Bearer , is required as the Authentication header for all Platform API calls. |
expires_in |
The number of milliseconds remaining until the access token expires. Once this value reaches 0, a new access token must be generated to continue using Platform APIs. |
Test access credentials test-credentials
Once you have gathered all three required credentials - access token, API key, and Organization ID - , you can try to make the following API call. This call lists all standard Experience Data Model (XDM) classes available to your organization. Import and execute the call in Postman.
Request
curl -X GET https://platform.adobe.io/data/foundation/schemaregistry/global/classes \
-H 'Accept: application/vnd.adobe.xed-id+json' \
-H 'Authorization: Bearer {{ACCESS_TOKEN}}' \
-H 'x-api-key: {{API_KEY}}' \
-H 'x-gw-ims-org-id: {{ORG_ID}}'
Response
If your response is similar to the one shown below, then your credentials are valid and working. (This response has been truncated for space.)
{
"results": [
{
"title": "XDM ExperienceEvent",
"$id": "https://ns.adobe.com/xdm/context/experienceevent",
"meta:altId": "_xdm.context.experienceevent",
"version": "1"
},
{
"title": "XDM Individual Profile",
"$id": "https://ns.adobe.com/xdm/context/profile",
"meta:altId": "_xdm.context.profile",
"version": "1"
}
]
}
Get the necessary attribute-based access control permissions get-abac-permissions
To access or modify several resources within Experience Platform, you must have the appropriate access control permissions. System administrators can grant you the permissions you need. Get more information in the section about managing API credentials for a role.
Detailed information about how a system administrator can grant the required permissions to access Platform resources through the API is also available in the video tutorial below:
Use Postman to authenticate and test API calls use-postman
is a popular tool that allows developers to explore and test RESTful APIs. You can use Experience Platform Postman collections and environments to speed up your work with Experience Platform APIs. Read more about using Postman in Experience Platform and getting started with collections and environments.
Detailed information about using Postman with Experience Platform collections and environments is also available in the video tutorials below:
Download and import a Postman environment to use with Experience Platform APIs
Use a Postman collection to generate access tokens
Download the and watch the video below to learn how to generate access tokens.
Download Experience Platform API Postman collections and interact with the APIs
Alright, after we’ve generated our access token, we can begin interacting with ÃÛ¶¹ÊÓƵ IO APIs. In this video, I interact with experienced platform APIs, using ÃÛ¶¹ÊÓƵ-provided Postman collections. To access these collections, head over to the experience-platform-postman-samples GitHub repository, navigate into APIs, Experience Platform, and there’s a Postman collection for each of the APIs available. For this video, I load a single collection for the Schema Registry API.
Once we’ve downloaded all the collections that we want to use, let’s head back to Postman, select import, and load all the Postman collection files.
As you can see, we have our Schema Registry API collection, and within this are a number of folders, and within each folder, are the HTTP requests we can make to interact with the API. Let’s keep this simple, and interact with the stats API.
So we can simply open this up, we can look at the headers, which are mapped to the environment variables, which are provided by the ÃÛ¶¹ÊÓƵ API environment export, as well as the access token, which we obtained from the ÃÛ¶¹ÊÓƵ IO access token generation Postman collection. Alright, so let’s try this out. We just hit send, to execute the API command, and there you go, we’ve successfully interacted with experienced platforms, a Schema Registry API, using Postman.
System administrators: Grant developer and API access control with Experience Platform permissions grant-developer-and-api-access-control
Before creating integrations on ÃÛ¶¹ÊÓƵ Developer Console, your account must have developer and user permissions for an Experience Platform product profile in ÃÛ¶¹ÊÓƵ Admin Console.
Add developers to product profile add-developers-to-product-profile
Go to and sign in with your ÃÛ¶¹ÊÓƵ ID.
Select Products, then select ÃÛ¶¹ÊÓƵ Experience Platform from the list of products.
From the Product Profiles tab, select AEP-Default-All-Users. Alternatively, use the search bar to search for the product profile by entering the name.
Select the Developers tab, then select Add Developer.
Enter the developer’s Email or username. A valid Email or username will display the developer details. Select Save.
The developer has been successfully added and appears on the Developers tab.
Assign API to a role
A system admin can assign APIs to roles in the Experience Platform UI.
Select Permissions and the role you want to add the API to. Select the API credentials tab, then select Add API credentials.
Select the API you would like to add to the role then select Save.
You are returned to the API credentials tab, where the newly added API is listed.
Additional resources additional-resources
Refer to the additional resources linked below for further help getting started with Experience Platform APIs
- Authenticate and access Experience Platform APIs video tutorials page
- for generating access tokens
Next steps next-steps
By reading this document, you have gathered and successfully tested your access credentials for Platform APIs. You can now follow along with the example API calls provided throughout the documentation.
In addition to the authentication values you have gathered in this tutorial, many Platform APIs also require a valid {SANDBOX_NAME}
to be provided as a header. See the sandboxes overview for more information.