Connecting to Adobe using JWT

New Contributor II
New Contributor II
We need to connect to Adobe User Management API using JWT authentication. However, to get the JWT token, we need to get the private key and certificate which expires every day.
Hence, we want to know if it's feasible to get the private key dynamically in the JSONS so that they can be refreshed automatically.
We are using Saviynt v5.5 SP3.11 which according to the REST connector document supports JWT authentication.

Saviynt Employee
Saviynt Employee

Hello @AradhanaGanguly 

We do support JWT authentication in our REST connector. You can find a JSON sample for the same in our documentation below. Please refer to the "JWT: Used for authentication using JSON Web Tokens (JWT)" section of the documentation

Developers Handbook 

Based on Adobe documentation, it contradicts what you have stated which is "private key and certificate expires every day" and instead it stated that it is a "One-time activity"

Snips from Adobe documentation below...

One-time Setup

  • To obtain the credentials you need to access the User Management service, create a Service Account Integration using the Adobe I/O Console.
  • A member of the organization with admin rights can create the Integration. You can use the Admin Console to grant administrative privileges to users.
  • You will need to create or purchase a digital signing certification, and use it to sign a JSON Web Token (JWT), which you will use to authenticate your requests.
  • Your integration provides an API key that uniquely identifies your client and other credentials that you need to access the UM API.

For complete details of the entire integration process, see Service Account Authentication.

Authorizing API calls

  • To establish a secure service-to-service API session, you will create a JSON Web Token (JWT) that encapsulates your client credentials, and sign the JWT with the private key for a public-key certificate associated with the integration. For complete details, see Creating a JSON Web Token.
  • You will exchange the JWT for an access token from the Adobe Identity Management Service (IMS). Every request to an Adobe service must include the access token in the Authorization HTTP header, along with the API Key (client ID) that was generated when you created the integration. Include these headers in all requests:

External Doc References

Creating Service Account:

Authentication for API Access:

JWT (Service Account) Authentication:

New Contributor II
New Contributor II

Thanks for the reply, the certificates and private key are valid for a year. Only the jwt token will get expired every day