With the v30 release, Adobe is changing the Direct Entitlement infrastructure. These changes are designed to lessen the load on publishers' entitlement servers, and enable future feature development. While these changes are not associated with any Direct Entitlement API changes, the client-server handshake and data flows will change. The new infrastructure has been designed to require no changes on the part of publishers.  

Summary of changes

Adobe will begin using an internal cloud-based service to provide proxy entitlement information. Enterprise publishers offering direct entitlement can still provide both authentication and entitlements, but the Adobe service will be able to cache entitlements on behalf of publishers.


API calls to SignInWithCredentials and RenewAuthToken continue to go directly from the consumer’s device to your direct entitlement service implementation. Adobe will cache an authToken and assume it to be good/value UNTIL either your direct entitlement server returns a “401” response or we expire the authToken based on configuration settings.


Calls to "entitlements" will be made from a consumer’s device to Adobe's Entitlement Service, which will contact your direct entitlement service for the list of entitlements. When your service returns entitlements to Adobe’s Entitlement Service, Adobe will cache the response (that is, the entitlement information) within our server. This process reduces server load on your implementation.


You will be able to control the timeout or time-to-live (TTL) values of both the authToken and entitlement information. A priority order determines which timeout and TTL values are used. In order of priority, the settings are:

  1. Cache control headers in the HTTP response
  2. Integrator-specific settings
  3. Adobe system-wide defaults (TTL for entitlements is 0 minutes, and TTL for authToken is 60 minutes)

You can override the Adobe defaults by including cache control headers in your HTTP responses. Or, you can provide Adobe with specific settings to associate with your integrator ID.

A cache control header is not required, but here’s an example to set the cache to 30 days:

"Cache-Control: max-age=2592000"

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy