Access token exchange

Access token exchange

To establish a secure session, you create a JWT that encapsulates your identity information and exchange it for an access token. Every call to the Target API endpoints must be authorized with this access token in the Authorization header, along with the API key you created when you set up your API client in the Developer Portal.

The access token is valid for 24 hours after it is created in response to the exchange request. You can request multiple access tokens. Previous tokens are not invalidated when a new one is issued. You can authorize requests with any valid access token.

Access request syntax

Exchange your JWT for an API access token by making a POST request to the Adobe identity service.


Request parameters

Pass URL-encoded parameters in the body of your POST request:


The API key assigned to your API client account.


The client secret assigned to your API client account.


The base-64 encoded JSON token that encapsulates your identity information, signed with the private key for any certificate that you have associated with your API key.

Constructing an access request

To obtain an access token for the Target APIs, this part of the script constructs a request that contains the JSON Web Token (JWT), and receives the access token in the response. First, we set variables for request URL and headers.

The credentials are placed in the body of the POST request. Notice that the "client_id" value is your API key.

Finally, we connect to the server, send the request, and receive the response.

If the request is successful, we extract the access token from the body of the response. For this demonstration, we print the result.

Any questions?

Have a question about this or any other AEM topic? Ask our Community.
Learn more about AEM topics on our help hub.
Was this helpful?

By submitting your feedback, you accept the Adobe Terms of Use.

Thank you for submitting your feedback.