Gaining Access

Adobe Target's APIs can be classfied into four groups as described in the 'Getting Started' section - here are the requirements for each:

Admin APIs All calls require an Access Token and an API key
Reporting APIs All calls require an Access Token and an API key
Server Side Delivery APIs No authentication is required
Profile APIs Some profile APIs require authentication - see the "Profiles" section under "Reference" for more details. 

In this section, we will cover the four steps you can take to obtain the Access Token and the API key in order to fire Admin and Reporting API calls: 

1. Create a certificate

2. Create an integration in

3. Generate a JSON Web token

4. Access Token Exchange

You must be an Admin user on your organization's account to perform these steps. While all users can use the Access Token and API keys created in, only Admin users can create new integrations.

 Step 1: Create a Certificate

At the end of this step, you will have generated a public key and a private key. Adobe will use the public key to verify the request credentials that you have signed with your private key.

You can either create or purchase a valid digital signing certificate. You can purchase one from a vendor, or you can create your own using openssh in Mac OS, or Cygwin (which includes openssh) in Windows. See the "Create Certificate" section for step-by-step instructions on how to create a self-signed certificate.

Make sure to retain the private key securely, because it cannot be recovered or replaced. If you lose it or it is compromised, you must delete the corresponding certificate from your Integration, and then create and upload a new certificate. Your Integration must be associated with at least one valid certificate.

Step 2: Create an Integration in

2a. Go to the console, which only Admin users have access to. If you are unable to access this page, please contact your organization's System Administrator.

2b. Click on "New Integration", then select "Enterprise Key" as the Integration Type, and then click "Next".


2c. Provide a name for your Integration, and write a description for it. You can create multiple integrations (e.g. Reporting Dashboard Connector, CMS Content Importer, etc.) for the same account, with each serving a different purpose. Upload your public key, fill out the Captcha, and then click “Next”. 


2d. You will be taken to the Integration Overview page - select “Adobe Target” from the Integration Services dropdown, and then click “Add Service”. You will be using the API Key, the Client Secret, and the payload from this page in the subsequent steps. Click “Save”.


Step 3: Generate a JSON Web Token

Use the payload from the Integration screen to generate a JSON Web Token, and then sign it with your private key. The JWT encodes all of the identity and security information that Adobe needs in order to verify your identity and grant you access to the Target APIs.

There are several public and open source libraries for creating a JWT. The JWT must be digitally signed and base-64 encoded in order to be included in the Access Request. For details around which libraries are available and which fields must be included in your JWT, see the “Create JSON Web Token” section.

Step 4: Access Token Exchange

To establish a secure session, you must use the JWT that contains your identity information, and exchange it for an Access Token. Every call to the Target API endpoints must be authorized with this Access Token in the Authorization header, along with the API key you created when you initially set up your API client in the console.

  • The Access Token is valid for 24 hours after it is created in response to the exchange request
  • You can request multiple Access Tokens - previous tokens are not invalidated when a new one is issued.
  • You can authorize requests with any valid Access Token.

Access request syntax

Exchange your JWT for an API Access Token by making a POST request to the Adobe identity service:


Request parameters

Pass URL-encoded parameters in the body of your POST request:


The API key assigned to your API client account.
client_secret The client secret assigned to your API client account.
jwt_token The base-64 encoded JSON token that encapsulates your identity information, signed with the private key for any certificate that you have associated with your API key.

Refer to the Access API Reference for error codes and sample scripts.