Sharing private extension packages

Owners of extension packages can grant permission for other companies to utilize their private versions through the Reactor API. A usage license for one extension package is granted to each approved business, and this authorization is good for all current and future private versions of the package.

This guide provides a high-level overview of how to configure extension package usage authorizations. For more detailed guidance on how to manage authorizations in the Reactor API, including example JSON of a authorization’s structure, refer to the extension package usage authorization endpoint guide.

Create an authorization create-authorization

To create a new authorization, you must have the develop_extensions right. The following example demonstrates how you can create an extension package usage authorization for an extension package using the authorized_org_id of the company you wish to authorize.

API format

POST /extension_packages/{EXTENSION_PACKAGE_ID}/extension_package_usage_authorizations

Request

The following request creates a new extension package authorization for the company specified.

curl -X POST \
  https://reactor.adobe.io/extension_packages/{EXTENSION_PACKAGE_ID}/extension_package_usage_authorizations \
  -H 'Authorization: Bearer {ACCESS_TOKEN}' \
  -H 'x-api-key: {API_KEY}' \
  -H 'x-gw-ims-org-id: {ORG_ID}' \
  -H "Content-Type: application/vnd.api+json" \
  -d '{
        "data": {
          "attributes": {
            "authorized_org_id": "{ORG_ID}"
          },
          "type": "extension_package_usage_authorizations"
        }
      }

The initial state of the authorization is in the pending_approval stage. Before using the extension package, the company must approve the authorization. Users of the company are able to browse the private extension package while authorization is pending approval, but they are unable to install it and cannot find it in their extensions catalog.

Approve an authorization approve-authorization

To approve an authorization, you must have the manage_properties rights. As the authorized company, you will need to send a PATCH request to the extension package usage authorization, including the ID of the authorization and set the state set to approved.

API format

PATCH //extension_package_usage_authorizations/{EXTENSION_PACKAGE_USAGE_AUTHORIZATION_ID}

Request

The following PATCH request sets the state of an authorization to approved.

curl -X PATCH \
  https://reactor.adobe.io/extension_package_usage_authorizations/{EXTENSION_PACKAGE_USAGE_AUTHORIZATION_ID} \
  -H 'Authorization: Bearer {ACCESS_TOKEN}' \
  -H 'x-Api-Key: {API_KEY}' \
  -H 'x-gw-ims-org-id: {ORG_ID}' \
  -H "Content-Type: application/vnd.api+json" \
  -d '{
        "data": {
          "attributes": {
            "state": "approved"
            },
            "id": ":extension_package_usage_authorization_id",
            "type": "extension_package_usage_authorizations"
        }
      }

Once the authorization is approved, as the authorized company, you can now install the extension package on your properties.

Delete an authorization delete-authorization

As the owner of an extension package, you can revoke the authorization at any time by deleting the extension package usage authorization. This will prevent the authorized company from viewing private versions of the extension package in the catalog and installing it on their properties. However, already installed private versions will continue to work as expected after deletion.

API format

DELETE //extension_package_usage_authorizations/{EXTENSION_PACKAGE_USAGE_AUTHORIZATION_ID}

Request

The following DELETE request removes authorization privilages for a company.

curl -X DELETE \
  https://reactor.adobe.io/extension_package_usage_authorizations/{EXTENSION_PACKAGE_USAGE_AUTHORIZATION_ID} \
  -H 'Authorization: Bearer {ACCESS_TOKEN}' \
  -H 'x-Api-Key: {API_KEY}' \
  -H 'x-gw-ims-org-id: {ORG_ID}' \
  -H "Content-Type: application/vnd.api+json" \