This document walks you through how to create the certificates, keys, and tokens to be able to run.

Objective

To provide clear, reproducible steps to generate an Adobe IO bearer token to run API calls for DMA solutions like Target.

Steps

Steps to Create Bearer Token to Run Adobe IO API calls:

  1. Generate private key and public certificate
  2. Create integration within the Adobe IO console
  3. Generate JWT token
  4. Exchange JWT token for an Access Bearer token
  5. User Access Bearer token to run API calls
  1. Generate private key and public certificate per the following documentation: https://www.adobe.io/apis/cloudplatform/console/authentication/createcert.html

    On a Mac, the following commands are built in terminal. 
    On a computer, you have to download Cygwin (or other tool of personal preference) and run it from command line. Here are the steps to download and install Cygwin:

    1. Browse to https://cygwin.com/install.html
    2. Download and run setup-x86_64.exe

    Note:  Your home directory  is: C:\cygwin64\home\WINDOWSUSER
    You can search for and install additional packages during the install phase. I recommend installing everything related to "curl" and "ssh."

    Here is the command to run:

    $ openssl req -nodes -text -x509 -newkey rsa:2048 -keyout secret.pem -out certificate.pem -days 356

    Note:  It asks you several questions that you have to fill out to generate the certificate, see screenshot below:

    rtaImage

    After the files have been created, you convert the secret.key to secret.pem using the following command:

    $ openssl pkcs8 -topk8 -inform PEM -outform DER -in secret.pem  -nocrypt > secret.key

    Here are the files that are created on your file system (you may move these files to another location on your machine at this point for organization):

    rtaimage_1_

    Poznámka:

    The files are generated in your home directory: C:\cygwin64\home\WINDOWSUSER

  2. Create integration within the Adobe IO console:

    rtaimage_2_
    • Select "Access an API" option, then click "continue."
    rtaimage_3_
    • Select Adobe Solution (currently only available for Target).

    Note: User must be a user of the Experience Cloud AND have access to that solution.

    rtaimage_4_
    • Select "New integration" and click "Continue."
    rtaimage_5_
    • Fill out integration form.
    rtaimage_6_
    • Drag "certificate.pem" from file system into form to upload.
    rtaimage_7_
    • Once the file is uploaded, click "Create integration" button - see screenshot: fileuploaded_createint.
    rtaimage_8_
    • When processing is complete, click "continue to integration details."
    rtaimage_9_

    Success! You have now created an integration.

    rtaimage_10_
  3. Generate JSON Web Token (JWT):

    In the Integration UI, click the JWT tab, paste in private key, click Generate JWT button - see screenshot: generating JWT - input.

    rtaimage_11_
    • Once it is generated, you see the JWT and a sample CURL command.
    • Click "copy" icon below "Generated JWT."
    rtaimage_12_
  4. Exchange JWT for Bearer Access Token:

    Note: If you run this on a Mac terminal, the response seems to get truncated. Instead, use Postman.

    • Download and install free API tool named "Postman" (available on Mac, Windows, or Linux): https://www.getpostman.com/
    • Import this api call into Postman by copying the code below into a text file on your computer with a .json extension:
    {"id":"f6854718-2800-64a8-238e-e785e344f6cf","name":"Exchange JWT for Bearer token","description":"","order":["048b6fc7-f1db-5028-ff21-45778613e2c5"],"folders":[],"folders_order":[],"timestamp":1516812553075,"owner":"860614","public":false,"events":[],"variables":[],"auth":null,"requests":[{"id":"048b6fc7-f1db-5028-ff21-45778613e2c5","name":"Exchange JWT for Bearer token","collectionId":"f6854718-2800-64a8-238e-e785e344f6cf","method":"POST","description":"JWT exchange flow","headers":"","dataMode":"params","data":[{"key":"client_id","value":"0fa5e762277c414f903649dd51424ac6","type":"text"},{"key":"client_secret","value":"9ff026f2-dfa4-4228-8dfa-11d809d4706b","type":"text"},{"key":"jwt_token","value":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0ODg4ODMzMzIsImlzcyI6IjY1NzhBNTU0NTZFODRFMjQ3RjAwMDEwMUBBZG9iZU9yZyIsInN1YiI6IjlDQjEyOTlENThCM0VDNkYwQTQ5NUM3RkB0ZWNoYWNjdC5hZG9iZS5jb20iLCJhdWQiOiJodHRwczovL2ltcy1uYTEuYWRvYmVsb2dpbi5jb20vYy8wZmE1ZTc2MjI3N2M0MTRmOTAzNjQ5ZGQ1MTQyNGFjNiIsImh0dHBzOi8vaW1zLW5hMS5hZG9iZWxvZ2luLmNvbS9zL2VudF9zbWFydGNvbnRlbnRfc2RrIjp0cnVlfQ.LwiDDjhwUfZ2ap89vfWd2ZVnfG-FwpQplKvzEecTLua_hvGNfQAZBPTHbVaXICPkeNjr41cRUr_OmNuOmtFOwVokUjd5rQCaGOqBNWWKPAyAAdXhBdE05oFa2Gar6adytKv-vf7gAnVQbv-PUADbCCtmxoOygbafXi9V3ZHz1FBwPJ8vpnZH4Il3zVf420XwnzLa9IB02nUciG_fQ0b1Qgj429Yi7m-lhW--2bMZKyNdSnioNaICFg6ASY1vnNm1zICPla224K_Lwzbrye8itgQStRUp1mH53Ww36xzqVxNIYLQCEoI9qxAJlR0HQhaXeSPrU9PmcExIyKBim2CZzg","type":"text"}],"rawModeData":"","url":"https:\/\/ims-na1.adobelogin.com\/ims\/exchange\/jwt\/","responses":[],"pathVariableData":[],"queryParams":[],"headerData":[],"auth":null,"collection_id":"08283cc0-461e-155c-e07f-ca64bae1dcae","isFromCollection":true,"collectionRequestId":"29f7fc5f-7e6d-01d4-de86-2f273b8a6429","currentHelper":null,"helperAttributes":null}]}

    Example filename: exchangeJwt.json

    rtaimage_13_
    • Import file into Postman by going to file > Import: you can drag-and-drop the .json file here or browse for the file.
    rtaimage_14_
    • This creates a "collection" in Postman on the left side, with one API call in it named "Exchange JWT for Bearer token."
    rtaimage_15_
    • Click the API call "Exchange JWT for Bearer token."
    • In the main section of the UI, this is what you see:
    rtaimage_16_

    Note: as highlighted in red above, I'm in the "Body" tab. If you are in another tab, you do not see the three pieces of information that are required.

    Info Needed:
    client_id: get from Integration overview page
    client_secret: generate on Integration overview page
    jwt_token: paste in generated JWT token that you copied in previous step

    Click "Send."
    The bearer token is retrieved, which is used to make API calls.

    rtaimage_17_

    The access_token is what is used as part of the API calls you intend to run.

    "access_token": "eyJ4NXUiOiJpbXNfbmExLWtleS0xLmNlciIsImFsZyI6IlJTMjU2In0.eyJpZCI6IjE1MTY3NDgxNjU5MzZfMjdiNTkwYmUtYjVlYy00ZjhiLTkzNWEtZTAyMjZmYTZiYTk1X3VlMSIsImNsaWVudF9pZCI6IjQyOTkxMzRlNzRkNTRkNTZhY2YyYTc4YjcyYTdlNDFlIiwidXNlcl9pZCI6IjkwNTEyQTlDNUE2N0I3ODEwQTQ5NUM5NEB0ZWNoYWNjdC5hZG9iZS5jb20iLCJ0eXBlIjoiYWNjZXNzX3Rva2VuIiwiYXMiOiJpbXMtbmExIiwiZmciOiJTRDRZQUNZSEhQSDdPRkFBQUFBQUFBQUFFST09PT09PSIsIm1vaSI6IjM3NTliZjQxIiwiYyI6IndTVTd3b1hIZkZSQk5xQmo3M2Z4anc9PSIsImV4cGlyZXNfaW4iOiI4NjQwMDAwMCIsInNjb3BlIjoib3BlbmlkLEFkb2JlSUQsdGFyZ2V0X3NkayxyZWFkX29yZ2FuaXphdGlvbnMsYWRkaXRpb25hbF9pbmZvLnByb2plY3RlZFByb2R1Y3RDb250ZXh0IiwiY3JlYXRlZF9hdCI6IjE1MTY3NDgxNjU5MzYifQ.fVJVREKZH3PM71-Y05Kkqqxq_O_z7BL5NL6S4ypNoSwLuqR9WOiXsF0GYcWZr6oO-jgYj8WrRePQLkg4GSoVthSbbXU6aqajPV2TsFNHpXRuJFBhql0e2eVCEE_pVI9O_uCa8RloGjJuFyyEAvroQFEIJzC7Q-OAnkXMT7xD-3r1cEV2xP_N3s86t34M5udO4fjas3RCJtAS1BEZOotlF_rB0kfvCZR9Krf-SVi_VedpsK7ipoJGfs7CLdN-_a4YGTC2CBJXwdK-4T0QJRkWedr8ooS0tzzfVcQ4WEZfw1edi-OYSuIbXf-Obl5R9NCzi5RMceiGTyGMyRrEcmy3WQ"
  5. Example API call:

    • Target
    • Run Target call with access token
    rtaimage_18_

Additional information

Reference Documentation:

Stáhnout

Tato práce podléhá licenci Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.  Na příspěvky ze služeb Twitter™ a Facebook se nevztahují podmínky licence Creative Commons.

Právní upozornění   |   Zásady ochrany osobních údajů online