Generate Service Credentials
Service Credentials generation is broken into two steps:
- A one-time Technical Account creation by an Adobe IMS Org administrator
- The download and use of the Technical Account’s Service Credentials JSON
Create a Technical Account
Service Credentials, unlike Local Development Access Tokens, require a Technical Account to be created by an Adobe Org IMS Administrator before they can be downloaded. Discrete Technical Accounts should be created for each client that requires programmatic access to AEM.
Technical Accounts are created once, however the Private Keys uses to manage Service Credentials associated with the Technical Account can be managed over time. For example, new Private Key/Service Credentials must be generated prior to the current Private Key’s expiration, to allow for uninterrupted access by a user of the Service Credentials.
-
Ensure you are logged in as a:
- Adobe IMS Org’s System Administrator
- Member of the AEM Administrators IMS Product Profile on AEM Author
-
Log in to Adobe Cloud Manager
-
Open the Program containing the AEM as a Cloud Service environment to integrate set up the Service Credentials for
-
Tap the ellipsis next to the environment in the Environments section, and select Developer Console
-
Tap in the Integrations tab
-
Tap the Technical Accounts tab
-
Tap Create new technical account button
-
The Technical Account’s Service Credentials are initialized and displayed as JSON
Once the AEM as Cloud Service environment’s Service Credentials have been initialized, other AEM developers in your Adobe IMS Org can download them.
Download Service Credentials
Downloading the Service Credentials follows the similar steps as the initialization.
-
Ensure you are logged in as a:
- Adobe IMS Org’s Administrator
- Member of the AEM Administrators IMS Product Profile on AEM Author
-
Log in to Adobe Cloud Manager
-
Open the Program containing the AEM as a Cloud Service environment to integrate with
-
Tap the ellipsis next to the environment in the Environments section, and select Developer Console
-
Tap in the Integrations tab
-
Tap the Technical Accounts tab
-
Expand the Technical Account to be used
-
Expand the Private Key whose Service Credentials will be downloaded, and verify that the status is Active
-
Tap on the … > View associated with the Private Key, which displays the Service Credentials JSON
-
Tap on the download button in the top-left corner to download the JSON file containing the Service Credentials value, and save the file to a safe location
Install the Service Credentials
The Service Credentials provide the details needed to generate a JWT, which is exchanged for an access token used to authenticate with AEM as a Cloud Service. The Service Credentials must be stored in a secure location accessible by the external applications, systems, or services that use it to access AEM. How and where the Service Credentials are managed are unique per customer.
For simplicity, this tutorial passes the Service Credentials in via the command line. However, work with your IT Security team to understand how to store and access these credentials in accordance with your organization’s security guidelines.
- Copy the downloaded the Service Credentials JSON to a file named
service_token.json
in the root of the project- Remember, never commit any credentials to Git!