DocumentationAEM as a Cloud ServiceUser Guide

JWT (JSON Web Token) Server-to-Server Authentication

Last update: Thu Feb 05 2026 00:00:00 GMT+0000 (Coordinated Universal Time)
  • Applies to:
  • Experience Manager as a Cloud Service

CREATED FOR:

  • Admin
  • Developer
  • User

JWT server-to-server authentication in AEM Forms, particularly for server-side integrations with AEM as a Cloud Service, involves a specific process to securely interact with AEM services. JWT server-to-server authentication is supported by AEM Developer Console.

Prerequisites

Before you begin, make sure the following prerequisites are met:

How to Generate an Access Token Using JWT Credentials?

Follow the steps below which shows you how to generate an access token from the JWT credentials.

  1. Adobe Cloud Manager

    1. Log in to your Cloud Manager account.

    2. On your selected program, click Program Overview.

      Cloud Manager Account

    3. On your program, click three-dots menu and select Developer Console.

      Developer Console

  2. AEM Developer Console

    1. Login in AEM Developer Console

    2. Click Integrations located on the upper menu bar.

      Integrations

    3. Click the option to Create new technical account.

      Create new technical account

    Once you click on create a new technical account, required information to generate access token such as client id and client secret along with other technical account information including private key, public key, expiration date generates.

    JWT Credentials

  3. Generate and Save Credentials

    1. Record API Credentials

      code language-text 
      API Credentials:
================
Client ID: <your_client_id>
Client Secret: <your_client_secret>
Technical Account ID: <tech_account_id>
Organization ID: <org_id>
Scopes: AdobeID,openid,read_organizations

  4. Access Token Generation

    Generate tokens programmatically using cURL command:

    Required Credentials:

    • Client ID
    • Client Secret
    • Scopes (typically: openid, AdobeID, read_organizations, additional_info.projectedProductContext, read_pc.dma_aem_cloud, aem.document)

    Token Endpoint:

    code language-none 
    https://ims-na1.adobelogin.com/ims/token/v3

    Sample Request (cURL):

    code language-bash 
    curl -X POST 'https://ims-na1.adobelogin.com/ims/token/v3' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials' \
-d 'client_id=<YOUR_CLIENT_ID>' \
-d 'client_secret=<YOUR_CLIENT_SECRET>' \
-d 'scope=AdobeID,openid,read_organizations'

    Response:

    code language-json 
    {
"access_token": "eyJhbGciOiJSUz...",
"token_type": "bearer",
"expires_in": 86399
}
NOTE
To learn more about service credentials and how to generate an access token using the Adobe IMS API, click here.

You can now use the generated access token to make API call for development, stage, or production environments.

Learn how to set environment for Synchronous (On-Demand) and Asynchronous (Batch) Forms Communications APIs:

Synchronous APIs

AEM Forms Communications APIs - Synchronous

Learn how to set up environment for Synchronous (on-demand) Forms Communications APIs that generate or process documents instantly.

Learn more

Asynchronous APIs

AEM Forms Communications APIs - Asynchronous (Batch)

Learn how to set up environment for Asynchronous (Batch) Forms Communications APIs that generate or process multiple documents in a scheduled manner.

Learn more

Related Articles
recommendation-more-help
fbcff2a9-b6fe-4574-b04a-21e75df764ab