Authorization errors when configuring repoless environments in AEM as a Cloud Service
When configuring repoless environments for EDS/xwalk projects in Adobe Experience Manager (AEM) as a Cloud Service, a 403 Forbidden [admin] not authorized error occurs. It happens due to missing administrative privileges required for accessing Admin APIs and creating organization configurations. To fix this, assign site-level admin access, use dedicated organizations where applicable, and ensure API tokens include the correct roles.
Description
Environment
- Product: Adobe Experience Manager (AEM) as a Cloud Service – Sites
- Relevant feature: Repoless Environments
Issue/Symptoms
- Attempts to use Admin APIs for configuring repoless environments result in 403 Forbidden [admin] not authorized errors.
- Administrative privileges are needed to create organization configurations.
- Limitations are encountered due to permission scopes.
Resolution
To resolve the error, follow these steps:
- Ensure users are added as site-level administrators for the specific site configuration. Confirm their admin status using the configuration URL. Refer to Configurations and the Configuration Browser for more details.
- Understand that organization-level administrative privileges (adobe-cm) can’t be extended to external partners or customers. Site-level access is sufficient for managing site-specific configurations. Learn more about Product Profile and Services user group permission management.
- If a dedicated organization like esieds is available, use it to simplify access management and avoid shared resource conflicts. Verify all required permissions within this organization.
- Generate API tokens that include the config_admin role. Refer to the Generating Access Tokens for Server-Side APIs documentation to ensure tokens are correctly scoped and valid.
- Use valid tokens with the correct roles when making POST or GET requests via Admin APIs. Test against known working configurations to confirm token functionality.
- After applying changes, verify that permissions are functioning correctly at the site level. Re-test API calls to confirm successful execution without authorization errors.