Hello Team,
We need to create a custom API in Campaign v8. This API will be called from an external application.
We will create the same in JSSP pages, but wanted to know about the
1. Authentication and Authorization parameters that we need to send with the REST Calls.
2. Do we need to create a separate user in ACC and give them necessary permissions ?
3. How to Authenticate and and check Authorization in the JSSP API.
4. Any best practices that you can point me too.
Any working example will help a lot
Regards,
DG
Solved! Go to Solution.
Topics help categorize Community content and increase your ability to discover relevant content.
Views
Replies
Total Likes
Hi @dipendu_g,
Please find the response below:
To authenticate and authorize REST calls in Campaign v8, you can use OAuth 2.0 authentication. OAuth 2.0 is a widely accepted authentication protocol that enables third-party applications to access protected resources in a secure and standardized way.
To use OAuth 2.0 authentication in Campaign v8, you will need to register your external application as a client in Campaign v8 and obtain an access token that will be used to authorize REST calls. You can then send the access token in the Authorization header of your REST calls.
2. Do we need to create a separate user in ACC and give them necessary permissions?
Yes, you will need to create a separate user in ACC and give them the necessary permissions to access the resources that your API will be calling. You can create a new user in Campaign v8 and assign them the necessary roles and permissions using the Campaign v8 UI or API.
3. How to Authenticate and check Authorization in the JSSP API:
To authenticate and check authorization in the JSSP API, you can use the following JSSP code:
<%@page contentType="application/json" %>
<%
String accessToken = request.getHeader("Authorization").replace("Bearer ", "");
// Verify the access token
if (verifyAccessToken(accessToken)) {
// Handle the API request
...
} else {
// Return an unauthorized response
response.setStatus(401);
}
%>
In this code, we are retrieving the access token from the Authorization header of the request and verifying it using the verifyAccessToken() function. If the access token is valid, we can handle the API request. Otherwise, we return an unauthorized response.
4. Any best practices that you can point me to:
Here are some best practices for creating a custom API in Campaign v8:
Here is an example of how to use OAuth 2.0 authentication to authorize REST calls in Campaign v8:
POST /auth/oauth/v2/token HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&
client_id=your_client_id&
client_secret=your_client_secret
This request will return an access token that you can use to authorize subsequent REST calls:
{
"access_token": "your_access_token",
"token_type": "Bearer",
"expires_in": 3600
}
Hello @dipendu_g,
you need to create such endpoint in JSSP and use ACC auth token that you receive with session.logon. You can also choose not to use session token but then you might need to add your own security layer.
<%@ page import="/nl/core/shared/nl.js"%>
<%
loadLibrary("xtk:common.js");
loadLibrary("xtk:shared/json2.js");
NL.require('/nl/core/shared/xtk.js')
.require("/nl/core/api.js")
.require('/nl/core/jsspcontext.js')
NL.API.init(request, response, {
jsonOutput: true
}, function(jsspContext) {
response.addHeader("Pragma", "no-cache")
response.addHeader("Cache-Control", "no-cache");
response.addHeader("Expires", new Date().toGMTString());
//do something resty
});
%>
Take a look at similar request here
Marcel Szimonisz
MarTech Consultant
for more tips visit my blog
https://www.martechnotes.com/
Views
Replies
Total Likes
Thanks for your reply, but do we have any examples where the session tokens or any layer was used, which can be referred ?
To Obtain the session token, we might need to first login using basic authentication and use the received token to call the API's further. Will this be a correct understanding ?
Any code reference, can really help
Regards,
DG
Views
Replies
Total Likes
Hello @dipendu_g ,
for to call this you need to provide session token to the POST request as a parameter _sessiontoken (i will clarify this do not know exacrtly the name)
Take a look at the implementation of the 'nl/core/api.js'
Marcel
Views
Replies
Total Likes
Thanks @Marcel_Szimonisz, I am also looking into the api.js, as suggested. Will let you know
Regards,
DG
Views
Replies
Total Likes
how can i called Dynamic JavaScript pages via external system? means i create a Dynamic JavaScript pages but how to Trigger? like a js code,
Views
Replies
Total Likes
Hi @dipendu_g,
Please find the response below:
To authenticate and authorize REST calls in Campaign v8, you can use OAuth 2.0 authentication. OAuth 2.0 is a widely accepted authentication protocol that enables third-party applications to access protected resources in a secure and standardized way.
To use OAuth 2.0 authentication in Campaign v8, you will need to register your external application as a client in Campaign v8 and obtain an access token that will be used to authorize REST calls. You can then send the access token in the Authorization header of your REST calls.
2. Do we need to create a separate user in ACC and give them necessary permissions?
Yes, you will need to create a separate user in ACC and give them the necessary permissions to access the resources that your API will be calling. You can create a new user in Campaign v8 and assign them the necessary roles and permissions using the Campaign v8 UI or API.
3. How to Authenticate and check Authorization in the JSSP API:
To authenticate and check authorization in the JSSP API, you can use the following JSSP code:
<%@page contentType="application/json" %>
<%
String accessToken = request.getHeader("Authorization").replace("Bearer ", "");
// Verify the access token
if (verifyAccessToken(accessToken)) {
// Handle the API request
...
} else {
// Return an unauthorized response
response.setStatus(401);
}
%>
In this code, we are retrieving the access token from the Authorization header of the request and verifying it using the verifyAccessToken() function. If the access token is valid, we can handle the API request. Otherwise, we return an unauthorized response.
4. Any best practices that you can point me to:
Here are some best practices for creating a custom API in Campaign v8:
Here is an example of how to use OAuth 2.0 authentication to authorize REST calls in Campaign v8:
POST /auth/oauth/v2/token HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&
client_id=your_client_id&
client_secret=your_client_secret
This request will return an access token that you can use to authorize subsequent REST calls:
{
"access_token": "your_access_token",
"token_type": "Bearer",
"expires_in": 3600
}
Hi @akshaaga,
Thanks a lot for such a detailed answer.
Have 2 follow-up questions
1. How can I register the client with v8? And after doing that, do I still need to create a userid in v8 ?
2. If I create a userid in v8 ( as per your answer for point 2 ), do I need to use basic authentication, or still can use the oAuth ?
Regards,
DG
Views
Replies
Total Likes
Hi @dipendu_g ,
A. To register a client with Adobe Campaign v8, you can follow the instructions in the Adobe Campaign API documentation under "Authenticate with Adobe Campaign." This involves creating an integration in the Adobe I/O Console, which will provide you with the necessary client ID and client secret to authenticate your external system with Adobe Campaign. Once you have registered your client, you can use it to authenticate your API calls to Campaign v8.
Creating a user ID in Campaign v8 is a separate step and is not necessary for authentication purposes. However, you may need to create user accounts in Campaign v8 in order to grant specific users access to Campaign functionality.
B. Once you have registered your client with Campaign v8, you can use OAuth authentication to make API calls. Basic authentication is also supported, but OAuth is generally more secure and is the recommended authentication method for API calls to Campaign v8.
Hi @akshaaga,
I am sorry, but was not able to find the link that you mentioned.
Can you please help me with the link, if possible
Regards,
DG
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies