This document walks you through how to create the certificates, keys, and tokens to be able to run.


To provide clear, reproducible steps to generate an Adobe IO bearer token to run API calls for DMA solutions like Target.


Steps to Create Bearer Token to Run Adobe IO API calls:

  1. Generate private key and public certificate
  2. Create integration within the Adobe IO console
  3. Generate JWT token
  4. Exchange JWT token for an Access Bearer token
  5. User Access Bearer token to run API calls
  1. Generate private key and public certificate per the following documentation:

    On a Mac, the following commands are built in terminal. 
    On a computer, you have to download Cygwin (or other tool of personal preference) and run it from command line. Here are the steps to download and install Cygwin:

    1. Browse to
    2. Download and run setup-x86_64.exe

    Note:  Your home directory  is: C:\cygwin64\home\WINDOWSUSER
    You can search for and install additional packages during the install phase. I recommend installing everything related to "curl" and "ssh."

    Here is the command to run:

    $ openssl req -nodes -text -x509 -newkey rsa:2048 -keyout secret.pem -out certificate.pem -days 356

    Note:  It asks you several questions that you have to fill out to generate the certificate, see screenshot below:


    After the files have been created, you convert the secret.key to secret.pem using the following command:

    $ openssl pkcs8 -topk8 -inform PEM -outform DER -in secret.pem  -nocrypt > secret.key

    Here are the files that are created on your file system (you may move these files to another location on your machine at this point for organization):



    The files are generated in your home directory: C:\cygwin64\home\WINDOWSUSER

  2. Create integration within the Adobe IO console:

    • Select "Access an API" option, then click "continue."
    • Select Adobe Solution (currently only available for Target).

    Note: User must be a user of the Experience Cloud AND have access to that solution.

    • Select "New integration" and click "Continue."
    • Fill out integration form.
    • Drag "certificate.pem" from file system into form to upload.
    • Once the file is uploaded, click "Create integration" button - see screenshot: fileuploaded_createint.
    • When processing is complete, click "continue to integration details."

    Success! You have now created an integration.

  3. Generate JSON Web Token (JWT):

    In the Integration UI, click the JWT tab, paste in private key, click Generate JWT button - see screenshot: generating JWT - input.

    • Once it is generated, you see the JWT and a sample CURL command.
    • Click "copy" icon below "Generated JWT."
  4. Exchange JWT for Bearer Access Token:

    Note: If you run this on a Mac terminal, the response seems to get truncated. Instead, use Postman.

    • Download and install free API tool named "Postman" (available on Mac, Windows, or Linux):
    • Import this api call into Postman by copying the code below into a text file on your computer with a .json extension:
    {"id":"f6854718-2800-64a8-238e-e785e344f6cf","name":"Exchange JWT for Bearer token","description":"","order":["048b6fc7-f1db-5028-ff21-45778613e2c5"],"folders":[],"folders_order":[],"timestamp":1516812553075,"owner":"860614","public":false,"events":[],"variables":[],"auth":null,"requests":[{"id":"048b6fc7-f1db-5028-ff21-45778613e2c5","name":"Exchange JWT for Bearer token","collectionId":"f6854718-2800-64a8-238e-e785e344f6cf","method":"POST","description":"JWT exchange flow","headers":"","dataMode":"params","data":[{"key":"client_id","value":"0fa5e762277c414f903649dd51424ac6","type":"text"},{"key":"client_secret","value":"9ff026f2-dfa4-4228-8dfa-11d809d4706b","type":"text"},{"key":"jwt_token","value":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0ODg4ODMzMzIsImlzcyI6IjY1NzhBNTU0NTZFODRFMjQ3RjAwMDEwMUBBZG9iZU9yZyIsInN1YiI6IjlDQjEyOTlENThCM0VDNkYwQTQ5NUM3RkB0ZWNoYWNjdC5hZG9iZS5jb20iLCJhdWQiOiJodHRwczovL2ltcy1uYTEuYWRvYmVsb2dpbi5jb20vYy8wZmE1ZTc2MjI3N2M0MTRmOTAzNjQ5ZGQ1MTQyNGFjNiIsImh0dHBzOi8vaW1zLW5hMS5hZG9iZWxvZ2luLmNvbS9zL2VudF9zbWFydGNvbnRlbnRfc2RrIjp0cnVlfQ.LwiDDjhwUfZ2ap89vfWd2ZVnfG-FwpQplKvzEecTLua_hvGNfQAZBPTHbVaXICPkeNjr41cRUr_OmNuOmtFOwVokUjd5rQCaGOqBNWWKPAyAAdXhBdE05oFa2Gar6adytKv-vf7gAnVQbv-PUADbCCtmxoOygbafXi9V3ZHz1FBwPJ8vpnZH4Il3zVf420XwnzLa9IB02nUciG_fQ0b1Qgj429Yi7m-lhW--2bMZKyNdSnioNaICFg6ASY1vnNm1zICPla224K_Lwzbrye8itgQStRUp1mH53Ww36xzqVxNIYLQCEoI9qxAJlR0HQhaXeSPrU9PmcExIyKBim2CZzg","type":"text"}],"rawModeData":"","url":"https:\/\/\/ims\/exchange\/jwt\/","responses":[],"pathVariableData":[],"queryParams":[],"headerData":[],"auth":null,"collection_id":"08283cc0-461e-155c-e07f-ca64bae1dcae","isFromCollection":true,"collectionRequestId":"29f7fc5f-7e6d-01d4-de86-2f273b8a6429","currentHelper":null,"helperAttributes":null}]}

    Example filename: exchangeJwt.json

    • Import file into Postman by going to file > Import: you can drag-and-drop the .json file here or browse for the file.
    • This creates a "collection" in Postman on the left side, with one API call in it named "Exchange JWT for Bearer token."
    • Click the API call "Exchange JWT for Bearer token."
    • In the main section of the UI, this is what you see:

    Note: as highlighted in red above, I'm in the "Body" tab. If you are in another tab, you do not see the three pieces of information that are required.

    Info Needed:
    client_id: get from Integration overview page
    client_secret: generate on Integration overview page
    jwt_token: paste in generated JWT token that you copied in previous step

    Click "Send."
    The bearer token is retrieved, which is used to make API calls.


    The access_token is what is used as part of the API calls you intend to run.

    "access_token": "eyJ4NXUiOiJpbXNfbmExLWtleS0xLmNlciIsImFsZyI6IlJTMjU2In0.eyJpZCI6IjE1MTY3NDgxNjU5MzZfMjdiNTkwYmUtYjVlYy00ZjhiLTkzNWEtZTAyMjZmYTZiYTk1X3VlMSIsImNsaWVudF9pZCI6IjQyOTkxMzRlNzRkNTRkNTZhY2YyYTc4YjcyYTdlNDFlIiwidXNlcl9pZCI6IjkwNTEyQTlDNUE2N0I3ODEwQTQ5NUM5NEB0ZWNoYWNjdC5hZG9iZS5jb20iLCJ0eXBlIjoiYWNjZXNzX3Rva2VuIiwiYXMiOiJpbXMtbmExIiwiZmciOiJTRDRZQUNZSEhQSDdPRkFBQUFBQUFBQUFFST09PT09PSIsIm1vaSI6IjM3NTliZjQxIiwiYyI6IndTVTd3b1hIZkZSQk5xQmo3M2Z4anc9PSIsImV4cGlyZXNfaW4iOiI4NjQwMDAwMCIsInNjb3BlIjoib3BlbmlkLEFkb2JlSUQsdGFyZ2V0X3NkayxyZWFkX29yZ2FuaXphdGlvbnMsYWRkaXRpb25hbF9pbmZvLnByb2plY3RlZFByb2R1Y3RDb250ZXh0IiwiY3JlYXRlZF9hdCI6IjE1MTY3NDgxNjU5MzYifQ.fVJVREKZH3PM71-Y05Kkqqxq_O_z7BL5NL6S4ypNoSwLuqR9WOiXsF0GYcWZr6oO-jgYj8WrRePQLkg4GSoVthSbbXU6aqajPV2TsFNHpXRuJFBhql0e2eVCEE_pVI9O_uCa8RloGjJuFyyEAvroQFEIJzC7Q-OAnkXMT7xD-3r1cEV2xP_N3s86t34M5udO4fjas3RCJtAS1BEZOotlF_rB0kfvCZR9Krf-SVi_VedpsK7ipoJGfs7CLdN-_a4YGTC2CBJXwdK-4T0QJRkWedr8ooS0tzzfVcQ4WEZfw1edi-OYSuIbXf-Obl5R9NCzi5RMceiGTyGMyRrEcmy3WQ"
  5. Example API call:

    • Target
    • Run Target call with access token

Additional information

Reference Documentation:


This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy