Getting started with the Privacy Service API

Adobe Experience Platform Privacy Service provides a RESTful API that allows you to programmatically manage customer access and delete requests from your Experience Cloud applications. In this video, we’re going to walk through the steps for gathering the required authentication values that you’ll need in order to make calls to the API. In order to generate access credentials for the API, you must first be added as a developer to a platform product profile in Adobe Admin Console. You may need to contact a system administrator if you do not have appropriate admin permissions to manage a product profile. Please refer to the Admin Console documentation for more information on managing developers for product profiles. Once we’ve been added as a developer, we can sign in to Adobe Developer Console and select APIs and Services in the top nav. We’ll select the APIs tab and use the search bar to narrow down the listed services to find the Privacy Service API. Once we locate it, we’ll select Create Project. The first step is to create a key pair, which will be used later to create an authentication token. We can choose to upload a public key if we generated our own key pair earlier, but in our case, we’ll pick the option for Developer Console to generate the key pair for us. Select Generate Key Pair, and after a moment a zip file is automatically created and downloaded by our browser. This will come back in a later step. For now, we’ll select Save Configured API to continue. The API has now been added to the project. Under Service Account, we can see that several credential values have been generated for us. Two of these values, our Organization ID and our Client ID, are required in headers in all calls made to the Privacy Service API. These values do not change and can be reused indefinitely. From here, we only need one more value before we can use the API, an access token. Access tokens are temporary and must be regenerated every 24 hours in order to continue using the API. We can quickly obtain this value under Generate Access Token. We’ll open the private key file, copy the text, then we’ll paste it into the dialog before selecting Generate Token. Our access token is generated, and we can copy it to start using the API right away. If we wanted to create protocols to generate our access tokens automatically, we can do that through an API call. To start, we’ll need to generate a JSON Web Token, or JWT. Select Service Account in the left nav, then select Generate JWT. We’re given a sample payload which we can use with the JWT creation tool of our choice. Note the EXP property, which indicates when the token will expire. It is recommended that you only use a token that will expire a few minutes after creation for the most security. To learn more about generating JWTs using this method, please refer to the Adobe IO Authentication Documentation. For this demo, under Generate Custom JWT, we’ll paste the contents of our private key, then select Generate JWT. Once it’s done, we can see our generated JWT, and we’re given a sample cURL command. This command uses our client ID, client secret, and JWT credentials to generate a new access token. Here’s what the call looks like in Postman. We’re making a POST request to the IMS Exchange endpoint, and under Body, we’ve selected form data for our payload type. Here we can see our client ID, client secret, and JWT credentials provided. Let’s hit send to test it out, and there we have our access token. Now we have everything we need to start making calls to the Privacy Service API. Let’s put together a simple request to see if everything’s working as expected. We’ll set up a GET request and use the path for the jobs endpoint in the Privacy Service API, which you can see here. Notice that we’ve added the required regulation query parameter as well, and set it to CCPA. Next, we have our authentication headers. For authorization, use the word BEARER, followed by the access token we just generated. For XAPI key, copy and paste the client ID from Developer Console. For IMS Org ID, copy and paste the organization ID from Developer Console. We’ll hit send, and we can see the list of privacy jobs in the response, confirming that our credentials are working. By following along with this video, you should now have access to the different functionalities provided by the Privacy Service API. See the video on using the Privacy Service API for more information on how to use the available endpoints. Thanks for watching!