Dynamic Client Registration Flow dynamic-client-registration-flow
Access Adobe Pass protected APIs access-adobe-pass-protected-apis
Prerequisites prerequisites-access-adobe-pass-protected-apis
Before accessing Adobe Pass protected APIs, ensure the following prerequisites are met:
- A client representative must create a registered application as described in the Manage registered applications section.
- A client representative must download and embed a software statement as described in the Manage software statements section.
Workflow workflow-access-adobe-pass-protected-apis
Follow the given steps to access Adobe Pass protected APIs as shown in the following diagram.
Access Adobe Pass protected APIs
-
Retrieve client credentials: The client application gathers all the necessary data to retrieve client credentials by calling the Client Register endpoint.
note important IMPORTANT Refer to the Retrieve client credentials API documentation for details on: - All the required parameters, like
software_statement - All the required headers, like
Content-Type,X-Device-Info - All the optional parameters and headers
- All the required parameters, like
-
Return client credentials: The Client Register endpoint response contains information about the client credentials associated with the received parameters and headers.
note important IMPORTANT Refer to the Retrieve client credentials API documentation for details on the information provided in a client credentials response. The Client Register validates the request data to ensure that basic conditions are met: - The required parameters and headers must be valid.
If validation fails, an error response will be generated, providing additional information that adheres to the Retrieve client credentials API documentation. note tip TIP Suggestion: The client credentials must be cached and may be used indefinitely. -
Retrieve access token: The client application gathers all the necessary data to retrieve access token by calling the Client Token endpoint.
note important IMPORTANT Refer to the Retrieve access token API documentation for details on: - All the required parameters, like
client_id,client_secret, andgrant_type - All the required headers, like
Content-Type,X-Device-Info - All the optional parameters and headers
- All the required parameters, like
-
Return access token: The Client Token endpoint response contains information about the access token associated with the received parameters and headers.
note important IMPORTANT Refer to the Retrieve access token API documentation for details on the information provided in an access token response. The Client Token validates the request data to ensure that basic conditions are met: - The required parameters and headers must be valid.
If validation fails, an error response will be generated, providing additional information that adheres to the Retrieve access token API documentation. note tip TIP Suggestion: The access token must be cached and used only within the specified duration (e.g., 24-hour time-to-live). After it expires, the client application must request a new access token. -
Proceed with accessing protected APIs: The client application uses the access token to access other Adobe Pass protected APIs. The client application must include the access token in the
Authorizationrequest header using theBearerauthentication scheme (i.e.,Authorization: Bearer <access_token>).note important IMPORTANT The Adobe Pass protected APIs validate the access token to ensure that basic conditions are met: - The access_token must be valid.
- The access_token must be associated with a valid client_id and client_secret.
- The access_token must be associated with a valid software_statement.
If validation fails, an error response will be generated, providing additional information that adheres to the Enhanced Error Codes documentation.