Authenticate and access Experience Platform APIs

This document provides a step-by-step tutorial for gaining access to an Adobe Experience Platform developer account in order to make calls to Experience Platform APIs.

Authenticate to make API calls

To maintain the security of your applications and users, all requests to Adobe I/O APIs must be authenticated and authorized using standards such as OAuth and JSON Web Tokens (JWT). The JWT is then used along with client-specific information to generate your personal access token.

This tutorial covers the steps of authentication through the creation of an access token outlined in the following flowchart:


In order to successfully make calls to Experience Platform APIs, you require the following:

  • An IMS Organization with access to Adobe Experience Platform
  • A registered Adobe ID account
  • An Admin Console administrator to add you as a developer and a user for a product.

The following sections walk through the steps to create an Adobe ID and become a developer and user for an organization.

Create an Adobe ID

If you do not have an Adobe ID, you can create one using the following steps:

  1. Go to Adobe Developer Console
  2. Select create a new account
  3. Complete the sign up process

Become a developer and user for Experience Platform for an organization

Before creating integrations on Adobe I/O, your account must have developer permissions for a product in an IMS Organization. Detailed information about developer accounts on the Admin Console can be found in the support document for managing developers.

Gain developer access

Contact an Admin Console administrator in your Organization to add you as a developer for one of your Organization’s products using the Admin Console.

The administrator must assign you as a developer to at least one product profile to proceed.

Once you are assigned as a developer, you will have access privileges to create integrations on Adobe I/O. These integrations are a pipeline from external apps and services to the Adobe API.

Gain user access

Your Admin Console administrator must also add you to the product as a user.

Similar to the process for adding a developer, the administrator must assign you to at least one product profile in order to proceed.

Generate access credentials in Adobe Developer Console


If you are following this document from the Privacy Service developer guide, you can now return to that guide to generate the access credentials unique to Privacy Service.

Using Adobe Developer Console, you must generate the following three access credentials:

  • {IMS_ORG}
  • {API_KEY}

Your {IMS_ORG} and {API_KEY} only need to be generated once and can be reused in future Platform API calls. However, your {ACCESS_TOKEN} is temporary and must be regenerated every 24 hours.

The steps are covered in detail below.

One-time setup

Go to Adobe Developer Console and sign in with your Adobe ID. Next, follow the steps outlined in the tutorial on creating an empty project in the Adobe Developer Console documentation.

Once you have created a new project, select Add API on the Project Overview screen.

The Add an API screen appears. Select the product icon for Adobe Experience Platform, then choose Experience Platform API before selecting Next.

Once you have selected Experience Platform as the API to be added to the project, follow the steps outlined in the tutorial on adding an API to a project using a service account (JWT) (starting from the “Configure API” step) to finish the process.

Once the API has been added to the project, the Project overview page displays the following credentials that are required in all calls to Experience Platform APIs:

  • {API_KEY} (Client ID)
  • {IMS_ORG} (Organization ID)

Authentication for each session

The final required credential you must gather is your {ACCESS_TOKEN}. Unlike the values for {API_KEY} and {IMS_ORG}, a new token must be generated every 24 hours to continue using Platform APIs.

To generate a new {ACCESS_TOKEN}, follow the steps to generate a JWT token in the Developer Console credentials guide.

Test access credentials

Once you have gathered all three required credentials, you can try to make the following API call. This call will list all Experience Data Model (XDM) classes within the Schema Registry’s global container:

API format

GET /global/classes


curl -X GET \
  -H 'Accept: application/vnd.adobe.xed-id+json' \
  -H 'Authorization: Bearer {ACCESS_TOKEN}' \
  -H 'x-api-key: {API_KEY}' \
  -H 'x-gw-ims-org-id: {IMS_ORG}'


If your response is similar to the one shown below, then your credentials are valid and working. (This response has been truncated for space.)

  "results": [
        "title": "XDM ExperienceEvent",
        "$id": "",
        "meta:altId": "_xdm.context.experienceevent",
        "version": "1"
        "title": "XDM Individual Profile",
        "$id": "",
        "meta:altId": "_xdm.context.profile",
        "version": "1"

Use Postman for JWT authentication and API calls

Postman is a popular tool to work with RESTful APIs. This Medium post describes how you can set up postman to automatically perform JWT authentication and use it to consume Adobe Experience Platform APIs.

Next steps

By reading this document, you have gathered and successfully tested your access credentials for Platform APIs. You can now follow along with the example API calls provided throughout the documentation.

In addition to the authentication values you have gathered in this tutorial, many Platform APIs also require a valid {SANDBOX_NAME} to be provided as a header. See the sandboxes overview for more information.

On this page

Adobe Summit Banner

A virtual event April 27-28.

Expand your skills and get inspired.

Register for free
Adobe Summit Banner

A virtual event April 27-28.

Expand your skills and get inspired.

Register for free