Bearer token and JWT generation fails for DA Admin API in AEM

Last update: Mon Sep 22 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

In Adobe Experience Manager as a Cloud Service (AEMaaCS) - Sites, generating a Bearer Token and JSON Web Token (JWT) for authenticating Document Authoring (DA) Admin API calls requires a server-to-server integration via Adobe Developer Console. Without proper configuration, authentication attempts fail with permission errors. To resolve the issue, configure OAuth credentials and generate tokens using the Adobe Developer Console.

Description description

Environment

Product: Adobe Experience Manager as a Cloud Service (AEMaaCS) - Sites
Constraints: Requires access to Adobe Developer Console and appropriate permissions
Instance: Development

Issue/Symptoms

Difficulties generating Bearer Tokens and JWTs needed for authenticating API calls to DA Admin APIs.
Errors such as 403 Forbidden occur when making API calls.

Resolution resolution

To resolve this issue, follow these steps:

Access the Adobe Developer Console.
Click Create new project.
Select Add API from the project dashboard.
Choose Cloud Manager as the API type and click Next.
Select Server-to-Server Authentication OAuth Server-to-Server and click Next.
Assign a Product Profile with permissions related to Experience Platform services.
Click the OAuth server-to-server authentication option in the profile settings.
Locate the Technical Account ID, then use the interface to generate an access token.

Use the generated Bearer Token in your API requests with the required parameters.

Example:

Endpoint: POST https://ims-na1.adobelogin.com/ims/token/v3
Headers:Content-Type: application/x-www-form-``urlencoded

Body Parameters:

code language-none

code language-none
`grant_type=client_credentials client_id=<your_client_id> client_secret=<your_client_secret> scope=openid,AdobeID,aem.frontend.all,read_organizations,additional_info.projectedProductContext,read_pc.dma_aem_ams`

grant_type=client_credentials
client_id=<your_client_id>
client_secret=<your_client_secret>
scope=openid,AdobeID,aem.frontend.all,read_organizations,additional_info.projectedProductContext,read_pc.dma_aem_ams

Note: Ensure that credentials match your integration setup in Adobe Developer Console and that permissions are correctly assigned on DA.

If the issue persists, schedule a support call or refer to the Adobe Developer Console documentation.

recommendation-more-help

3d58f420-19b5-47a0-a122-5c9dab55ec7f