Calling Custom Campaign API from External System | Community
Skip to main content
D
dipendu_g
Level 5
March 28, 2023
Solved

Calling Custom Campaign API from External System

  • March 28, 2023
  • 2 replies
  • 3259 views

Hello Team,

 

We need to create a custom API in Campaign v8. This API will be called from an external application.

We will create the same in JSSP pages, but wanted to know about the

 

1. Authentication and Authorization parameters that we need to send with the REST Calls.

2. Do we need to create a separate user in ACC and give them necessary permissions ?

3. How to Authenticate and and check Authorization  in the JSSP API.

4. Any best practices that you can point me too.

 

Any working example will help a lot

 

Regards,

DG

 

 

 

 

 

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by akshaaga

Hi @dipendu_g,

 

Please find the response below:

  1. Authentication and Authorization parameters that we need to send with the REST Calls:

To authenticate and authorize REST calls in Campaign v8, you can use OAuth 2.0 authentication. OAuth 2.0 is a widely accepted authentication protocol that enables third-party applications to access protected resources in a secure and standardized way.

To use OAuth 2.0 authentication in Campaign v8, you will need to register your external application as a client in Campaign v8 and obtain an access token that will be used to authorize REST calls. You can then send the access token in the Authorization header of your REST calls.

2. Do we need to create a separate user in ACC and give them necessary permissions?

Yes, you will need to create a separate user in ACC and give them the necessary permissions to access the resources that your API will be calling. You can create a new user in Campaign v8 and assign them the necessary roles and permissions using the Campaign v8 UI or API.

3. How to Authenticate and check Authorization in the JSSP API:

To authenticate and check authorization in the JSSP API, you can use the following JSSP code:


<%@page contentType="application/json" %>

<%

  String accessToken = request.getHeader("Authorization").replace("Bearer ", "");

  // Verify the access token

  if (verifyAccessToken(accessToken)) {

    // Handle the API request

    ...

  } else {

    // Return an unauthorized response

    response.setStatus(401);

  }

%>

In this code, we are retrieving the access token from the Authorization header of the request and verifying it using the verifyAccessToken() function. If the access token is valid, we can handle the API request. Otherwise, we return an unauthorized response.

4. Any best practices that you can point me to:

Here are some best practices for creating a custom API in Campaign v8:

  • Use OAuth 2.0 authentication to secure your API and protect against unauthorized access.
  • Use HTTPS to encrypt communication between your API and external application.
  • Use HTTP status codes to provide meaningful responses to the external application.
  • Use descriptive error messages to help external applications diagnose issues with the API.
  • Follow RESTful API design principles to create a simple and intuitive API that is easy to use and understand.

Here is an example of how to use OAuth 2.0 authentication to authorize REST calls in Campaign v8:

POST /auth/oauth/v2/token HTTP/1.1

Host: example.com

Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&

client_id=your_client_id&

client_secret=your_client_secret

 

This request will return an access token that you can use to authorize subsequent REST calls:

{

  "access_token": "your_access_token",

  "token_type": "Bearer",

  "expires_in": 3600

}

2 replies

Marcel_Szimonisz
Community Advisor
Marcel_SzimoniszCommunity Advisor
Community Advisor
March 28, 2023

Hello @dipendu_g,

you need to create such endpoint in JSSP and use ACC auth token that you receive with session.logon. You can also choose not to use session token but then you might need to add your own security layer.

<%@ page import="/nl/core/shared/nl.js"%> <% loadLibrary("xtk:common.js"); loadLibrary("xtk:shared/json2.js"); NL.require('/nl/core/shared/xtk.js') .require("/nl/core/api.js") .require('/nl/core/jsspcontext.js') NL.API.init(request, response, { jsonOutput: true }, function(jsspContext) { response.addHeader("Pragma", "no-cache") response.addHeader("Cache-Control", "no-cache"); response.addHeader("Expires", new Date().toGMTString()); //do something resty }); %>

 

Take a look at similar request here

https://experienceleaguecommunities.adobe.com/t5/adobe-campaign-classic-questions/campaign-classic-web-service-call-via-rest/td-p/448347

 

 

Marcel Szimonisz

MarTech Consultant
for more tips visit my blog
https://www.martechnotes.com/

D
dipendu_gAuthor
Level 5
March 28, 2023

Hi @marcel_szimonisz,

 

Thanks for your reply, but do we have any examples where the session tokens or any layer was used, which can be referred ?

 

To Obtain the session token, we might need to first login using basic authentication and use the received token to call the API's further. Will this be a correct understanding ?

 

Any code reference, can really help

 

Regards,

DG

 

 

Marcel_Szimonisz
Community Advisor
Marcel_SzimoniszCommunity Advisor
Community Advisor
March 28, 2023

Hello @dipendu_g ,

for to call this you need to provide session token to the POST request as a parameter  _sessiontoken (i will clarify this do not know exacrtly the name)

Take a look at the implementation of the   'nl/core/api.js' 

 

Marcel

akshaaga
Adobe Employee
akshaagaAdobe EmployeeAccepted solution
Adobe Employee
March 29, 2023

Hi @dipendu_g,

 

Please find the response below:

  1. Authentication and Authorization parameters that we need to send with the REST Calls:

To authenticate and authorize REST calls in Campaign v8, you can use OAuth 2.0 authentication. OAuth 2.0 is a widely accepted authentication protocol that enables third-party applications to access protected resources in a secure and standardized way.

To use OAuth 2.0 authentication in Campaign v8, you will need to register your external application as a client in Campaign v8 and obtain an access token that will be used to authorize REST calls. You can then send the access token in the Authorization header of your REST calls.

2. Do we need to create a separate user in ACC and give them necessary permissions?

Yes, you will need to create a separate user in ACC and give them the necessary permissions to access the resources that your API will be calling. You can create a new user in Campaign v8 and assign them the necessary roles and permissions using the Campaign v8 UI or API.

3. How to Authenticate and check Authorization in the JSSP API:

To authenticate and check authorization in the JSSP API, you can use the following JSSP code:


<%@page contentType="application/json" %>

<%

  String accessToken = request.getHeader("Authorization").replace("Bearer ", "");

  // Verify the access token

  if (verifyAccessToken(accessToken)) {

    // Handle the API request

    ...

  } else {

    // Return an unauthorized response

    response.setStatus(401);

  }

%>

In this code, we are retrieving the access token from the Authorization header of the request and verifying it using the verifyAccessToken() function. If the access token is valid, we can handle the API request. Otherwise, we return an unauthorized response.

4. Any best practices that you can point me to:

Here are some best practices for creating a custom API in Campaign v8:

  • Use OAuth 2.0 authentication to secure your API and protect against unauthorized access.
  • Use HTTPS to encrypt communication between your API and external application.
  • Use HTTP status codes to provide meaningful responses to the external application.
  • Use descriptive error messages to help external applications diagnose issues with the API.
  • Follow RESTful API design principles to create a simple and intuitive API that is easy to use and understand.

Here is an example of how to use OAuth 2.0 authentication to authorize REST calls in Campaign v8:

POST /auth/oauth/v2/token HTTP/1.1

Host: example.com

Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&

client_id=your_client_id&

client_secret=your_client_secret

 

This request will return an access token that you can use to authorize subsequent REST calls:

{

  "access_token": "your_access_token",

  "token_type": "Bearer",

  "expires_in": 3600

}

    D
    dipendu_gAuthor
    Level 5
    March 29, 2023

    Hi @akshaaga,

     

    Thanks a lot for such a detailed answer.

    Have 2 follow-up questions 

     

    1. How can I register the client with v8? And after doing that, do I still need to create a userid in v8 ?

     

    2. If I create a userid in v8 ( as per your answer for point 2 ), do I need to use basic authentication, or still can use the oAuth ?

     

    Regards,

    DG

    akshaaga
    Adobe Employee
    akshaagaAdobe Employee
    Adobe Employee
    March 29, 2023

    Hi @dipendu_g ,

    A. To register a client with Adobe Campaign v8, you can follow the instructions in the Adobe Campaign API documentation under "Authenticate with Adobe Campaign." This involves creating an integration in the Adobe I/O Console, which will provide you with the necessary client ID and client secret to authenticate your external system with Adobe Campaign. Once you have registered your client, you can use it to authenticate your API calls to Campaign v8.

    Creating a user ID in Campaign v8 is a separate step and is not necessary for authentication purposes. However, you may need to create user accounts in Campaign v8 in order to grant specific users access to Campaign functionality.

    B. Once you have registered your client with Campaign v8, you can use OAuth authentication to make API calls. Basic authentication is also supported, but OAuth is generally more secure and is the recommended authentication method for API calls to Campaign v8.

      Terms & ConditionsAccessibility statement

      Loading footer...