Starting Campaign v8.5, the authentication process to Campaign v8 is being improved. Technical operators must use Adobe Identity Management System (IMS) to connect to Campaign. A technical operator is a Campaign user profile which has been explicitly created for API integration. This article details the steps required to migrate a technical operator to technical account on Adobe Developer console.
Campaign regular users already connect to the Adobe Campaign console using their Adobe ID, through Adobe Identity Management System (IMS). As part of the effort to reinforce security and authentication process, Adobe Campaign Client application now calls Campaign APIs directly using the IMS technical account token.
Learn more about the new server to server authentication process in Adobe Developer Console documentation.
This change is applicable starting Campaign v8.5, and will be mandatory starting Campaign v8.6.
If you are using Campaign APIs, you need to migrate your technical operator(s) to Adobe Developer Console as detailed below.
Each technical operator should have at least one technical account.
Key steps are:
Before starting the migration process, you must reach out to your Adobe Transition Manager so that Adobe technical teams can migrate your existing Operator groups and Named rights to Adobe Identity Management System (IMS).
Integrations are created as part of a Project within Adobe Developer Console. Learn more about Projects in Adobe Developer Console documentation.
You can use any project previously created by you or you can create a new project. The steps to create a project are detailed in the Adobe Developer Console documentation.
For this migration, you must add below APIs in your project: I/O Management API and Adobe Campaign.
Once your project is created in the Adobe Developer Console, add an API that uses Server-to-Server authentication. Learn how to set up the OAuth Server-to-Server credential in Adobe Developer Console documentation.
When the API has been successfully connected, you can access the newly generated credentials including Client ID and Client Secret, as well as generate an access token.
You can now add your Campaign product profile to the project, as detailed below:
Open the Adobe Campaign API.
Click the Edit product profiles button
Assign all the relevant Product Profiles to the API, for example ‘messagecenter’, and save your changes.
Browse to the Credential details tab of your project, and copy the Technical Account Email value.
This step is only required if specific folder permissions or named rights have been defined for this operator (not via the operator’s group).
You now need to update the newly created technical operator in Adobe Campaign Client Console. You must apply the existing technical operator folder permissions to the new technical operator.
To update this operator, follow these steps:
The new technical operator must have made at least one API call to be added to Campaign Client Console.
To try out the connection, follow the steps detailed in the Adobe Developer Console credentials guide for generating an access token and copy the Sample cURL command provided.
You must update the API integrations with your third-party systems.
For further more details about API integration steps, including a sample code for smooth integration, refer to Adobe Developer Console authentication documentation.
After the migration of all API/custom code integration with Technical account user. You can delete the old technical operator from Campaign client console.
Once the migration process is achieved and validated, the Soap Calls are updated as below:
Before the migration: there was no support for Technical account access token.
POST /nl/jsp/soaprouter.jsp HTTP/1.1 Host: localhost:8080 Content-Type: application/soap+xml; SOAPAction: "nms:rtEvent#PushEvent" charset=utf-8 <?xml version="1.0" encoding="utf-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:nms:rtEvent"> <soapenv:Header/> <soapenv:Body> <urn:PushEvent> <urn:sessiontoken>SESSION_TOKEN</urn:sessiontoken> <urn:domEvent> <!--You may enter ANY elements at this point--> <rtEvent type="type" email="email@example.com"/> </urn:domEvent> </urn:PushEvent> </soapenv:Body> </soapenv:Envelope>
After the migration: there is support for Technical account access token. The access token is expected to be supplied in
Authorization header as Bearer token. Usage of session token should be ignored here, as shown in the below soap call sample.
POST /nl/jsp/soaprouter.jsp HTTP/1.1 Host: localhost:8080 Content-Type: application/soap+xml; SOAPAction: "nms:rtEvent#PushEvent" charset=utf-8 Authorization: Bearer <IMS_Technical_Token_Token> <?xml version="1.0" encoding="utf-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:nms:rtEvent"> <soapenv:Header/> <soapenv:Body> <urn:PushEvent> <urn:sessiontoken></urn:sessiontoken> <urn:domEvent> <!--You may enter ANY elements at this point--> <rtEvent type="type" email="firstname.lastname@example.org"/> </urn:domEvent> </urn:PushEvent> </soapenv:Body> </soapenv:Envelope>