Steps to gain API access

Steps to gain API access

Before you can access the APIs listed above, you must obtain access credentials from the Adobe Developer Portal. To do this, you must sign in as a user with administrative privilege for your organization. Use the Enterprise Dashboard to grant administrative privilege to users.

There are four steps that are required to access the APIs:

1.      Create or purchase a valid digital signing certificate.

2.      Sign into the Developer Portal as an admin user and get a set of credentials (you will need the public key obtained as part of the certificate creation)

3.      Use the credentials you receive to create a JSON Web Token (JWT).

4.      Use the JWT token to obtain the access token that you must pass to every API call.

Your programs or scripts will use the JWT to obtain the access token that you must pass to every user-access API call in the Authorization : Bearer header. An
access token typically expires after 24 hours, or when you explicitly log out. This type of token cannot be refreshed.  

Step 1: Create a certificate

A certificate is a public key, created using a private key. Adobe uses the public key to verify request credentials that you have signed with your private key.

  1. Create or purchase a valid digital signing certificate. You can purchase one from a vendor, or create your own using openssh in Mac OS, or Cygwin in Windows, which includes openssh.
  2. Submit the public key to Adobe in the developer portal.
  3. Retain the private key securely. It cannot be recovered or replaced.  

For more details on creating a certificate, see the section on “Certificates creation”.

Step 2: Get and secure your credentials

To get your credentials, you will need to do the following:

  1. Log into the Developer Portal ( as an Adobe user who has been assigned administrative privilege for your organization.
  2. Navigate to the API Keys tab and click "+ New API Key". The API Keys page appears.
  3. Select an Organization.
  4. Enter an Api Key Name and Description. If you have multiple applications, you can use these values to keep track of which credentials go with which applications.
  5. Upload the public key of the certificate that you have created or purchased.
  7. A dialog shows your new credentials: 

You are responsible for saving the credential values and keeping them in a secure location. You must protect them at least as well as you would protect an account name and password. The best practice is to store the key file in a credential management system or use a file system protection so that it can only be accessed by authorized users.

Step 3: Create a JSON web token (JWT)

Use your credentials (the API key and secret, technical account ID, and organization ID) to create a JSON Web Token (JWT), and sign it with your private key. The JWT encodes all of the identity and security information that Adobe needs to verify your identity and grant you access to the Target APIs specified in the Background section. Public libraries are available for creating a JWT. The JWT must be digitally signed and base-64 encoded for inclusion in the access request.  

For more details on creating a JSON Web Token, see the section on “Creating a JSON Web Token” 

Step 4: Obtain an access token

To initiate a user-management session, you use
the JWT to obtain an access token from Adobe, make a POST request to:


The body of the request contains URL-encoded parameters with your API client ID, client secret, and JWT:


This call is the equivalent of a log-in. The response contains an OAuth access token. The token is valid for a fixed period of time, as configured for your application. You must pass a valid access token to each request that you make to the Target APIs.

For more details, see the section on “Access Token Exchange”.

Any questions?

Have a question about this or any other AEM topic? Ask our Community.
Learn more about AEM topics on our help hub.
Was this helpful?

By submitting your feedback, you accept the Adobe Terms of Use.

Thank you for submitting your feedback.