Getting started with the Privacy Service API

This guide provides an introduction to the core concepts you need to know before attempting to make calls to the Adobe Experience Platform Privacy Service API.

Prerequisites

This guide requires a working understanding of Privacy Service and how it allows you to manage access and delete requests from your data subjects (customers) across Adobe Experience Cloud applications.

In order to create access credentials for the API, an administrator within your organization must have previously set up product profiles for Privacy Service within Adobe Admin Console. The product profile you assign to an API integration determines what permissions that integration has when accessing Privacy Service capabilities. See the guide on managing Privacy Service permissions for more information.

Gather values for required headers

In order to make calls to the Privacy Service API, you must first gather your access credentials to be used in required headers:

  • Authorization: Bearer {ACCESS_TOKEN}
  • x-api-key: {API_KEY}
  • x-gw-ims-org-id: {ORG_ID}

These values are generated using Adobe Developer Console. Your {ORG_ID} and {API_KEY} only need to be generated once and can be reused in future API calls. However, your {ACCESS_TOKEN} is temporary and must be regenerated every 24 hours.

The steps for generating these values are covered in detail below.

One-time setup

Go to Adobe Developer Console and sign in with your Adobe ID. Next, follow the steps outlined in the tutorial on creating an empty project in the Developer Console documentation.

Once you have created a new project, select Add to Project and choose API from the dropdown menu.

The API option being selected from the Add to Project dropdown from the project details page in Developer Console

Select an API and generate a keypair

The Add an API screen appears. Select Experience Cloud to narrow the list of available APIs, then select the card for Privacy Service API before selecting Next.

The Privacy Service API card being selected from the list of available APIs

The Configure API screen appears. Select the option to Generate a key pair, then select Generate keypair.

The Generate a key pair option being selected on the Configure API screen

The key pair is automatically generated and a ZIP file containing a private key and a public certificate are downloaded by your browser (to be used in a later step). Select Next to continue.

The generated keypair shown in the UI, whose values are automatically downloaded by the browser

Assign permissions through product profiles

The final configuration step is to select the product profiles that this integration will inherit its permissions from. If you select more than one profile, their permission sets will be combined for the integration.

NOTE

Product profiles and the granular permissions they provide are created and managed by administrators through Adobe Admin Console. See the guide on Privacy Service permissions for more information.

When finished, select Save configured API.

A single product profile being selected from the list before saving the configuration

Once the API has been added to the project, the project page reappears on the Privacy Service API overview page. From here, scroll down to the Service Account (JWT) section, which provides the following access credentials that are required in all calls to the Privacy Service API:

  • CLIENT ID: The Client ID is the required {API_KEY} that must be provided in the x-api-key header.
  • ORGANIZATION ID: The Organization ID is the {ORG_ID} value that must be used in the x-gw-ims-org-id header.

The Client ID and Organization ID values as they appear on the project overview page after the API has been configured

Authentication for each session

The final required credential you must gather is your {ACCESS_TOKEN}, which is used in the Authorization header. Unlike the values for {API_KEY} and {ORG_ID}, a new token must be generated every 24 hours to continue using the API.

In general, there are two methods of generating an access token:

Generate a token manually

To manually generate a new {ACCESS_TOKEN}, open the previously downloaded private key and paste its contents into the text box beside Generate access token before selecting Generate Token.

The previously generated access token being pasted on the project's overview page, with the Generate Token button being selected after

A new access token is generated, and a button to copy the token to your clipboard is provided. This value is used for the required Authorization header, and must be provided in the format Bearer {ACCESS_TOKEN}.

The generated access token being copied from the UI

Automate token generation

You can generate new access tokens for automated processes by sending a JSON Web Token (JWT) through a POST request to Adobe Identity Management Service (IMS). See the Developer Console document on JWT authentication for detailed steps.

Reading sample API calls

Each endpoint guide provides example API calls to demonstrate how to format your requests. These include paths, required headers, and properly formatted request payloads. Sample JSON returned in API responses is also provided. For information on the conventions used in documentation for sample API calls, see the section on how to read example API calls in the getting started guide for Platform APIs.

Next steps

Now that you understand what headers to use, you are ready to begin making calls to the Privacy Service API. Select one of the endpoint guides to get started:

On this page