Adobe Campaign Classic v7 & Campaign v8

dipendu_g · 3/27/23

Hello Team,

We need to create a custom API in Campaign v8. This API will be called from an external application.

We will create the same in JSSP pages, but wanted to know about the

1. Authentication and Authorization parameters that we need to send with the REST Calls.

2. Do we need to create a separate user in ACC and give them necessary permissions ?

3. How to Authenticate and and check Authorization in the JSSP API.

4. Any best practices that you can point me too.

Any working example will help a lot

Regards,

DG

akshaaga · 3/29/23

Hi @dipendu_g,

Please find the response below:

Authentication and Authorization parameters that we need to send with the REST Calls:

To authenticate and authorize REST calls in Campaign v8, you can use OAuth 2.0 authentication. OAuth 2.0 is a widely accepted authentication protocol that enables third-party applications to access protected resources in a secure and standardized way.

To use OAuth 2.0 authentication in Campaign v8, you will need to register your external application as a client in Campaign v8 and obtain an access token that will be used to authorize REST calls. You can then send the access token in the Authorization header of your REST calls.

2. Do we need to create a separate user in ACC and give them necessary permissions?

Yes, you will need to create a separate user in ACC and give them the necessary permissions to access the resources that your API will be calling. You can create a new user in Campaign v8 and assign them the necessary roles and permissions using the Campaign v8 UI or API.

3. How to Authenticate and check Authorization in the JSSP API:

To authenticate and check authorization in the JSSP API, you can use the following JSSP code:

<%@page contentType="application/json" %>

<%

String accessToken = request.getHeader("Authorization").replace("Bearer ", "");

// Verify the access token

if (verifyAccessToken(accessToken)) {

// Handle the API request

...

} else {

// Return an unauthorized response

response.setStatus(401);

}

%>

In this code, we are retrieving the access token from the Authorization header of the request and verifying it using the verifyAccessToken() function. If the access token is valid, we can handle the API request. Otherwise, we return an unauthorized response.

4. Any best practices that you can point me to:

Here are some best practices for creating a custom API in Campaign v8:

Use OAuth 2.0 authentication to secure your API and protect against unauthorized access.
Use HTTPS to encrypt communication between your API and external application.
Use HTTP status codes to provide meaningful responses to the external application.
Use descriptive error messages to help external applications diagnose issues with the API.
Follow RESTful API design principles to create a simple and intuitive API that is easy to use and understand.

Here is an example of how to use OAuth 2.0 authentication to authorize REST calls in Campaign v8:

POST /auth/oauth/v2/token HTTP/1.1

Host: example.com

Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&

client_id=your_client_id&

client_secret=your_client_secret

This request will return an access token that you can use to authorize subsequent REST calls:

{

"access_token": "your_access_token",

"token_type": "Bearer",

"expires_in": 3600

}

View solution in original post

Marcel_Szimonisz · 3/28/23

Hello @dipendu_g,

you need to create such endpoint in JSSP and use ACC auth token that you receive with session.logon. You can also choose not to use session token but then you might need to add your own security layer.

   <%@ page import="/nl/core/shared/nl.js"%>
    <%
    loadLibrary("xtk:common.js");
    loadLibrary("xtk:shared/json2.js");
    NL.require('/nl/core/shared/xtk.js')
    .require("/nl/core/api.js")
    .require('/nl/core/jsspcontext.js')

 NL.API.init(request, response, {
    jsonOutput: true
    }, function(jsspContext) {
            response.addHeader("Pragma", "no-cache")
            response.addHeader("Cache-Control", "no-cache");
            response.addHeader("Expires", new Date().toGMTString());
            
            //do something resty
            
    });
%>

Take a look at similar request here

https://experienceleaguecommunities.adobe.com/t5/adobe-campaign-classic-questions/campaign-classic-w...

Marcel Szimonisz

MarTech Consultant
for more tips visit my blog
https://www.martechnotes.com/

dipendu_g · 3/28/23

Hi @Marcel_Szimonisz,

Thanks for your reply, but do we have any examples where the session tokens or any layer was used, which can be referred ?

To Obtain the session token, we might need to first login using basic authentication and use the received token to call the API's further. Will this be a correct understanding ?

Any code reference, can really help

Regards,

DG

Marcel_Szimonisz · 3/28/23

Hello @dipendu_g ,

for to call this you need to provide session token to the POST request as a parameter _sessiontoken (i will clarify this do not know exacrtly the name)

Take a look at the implementation of the 'nl/core/api.js'

Marcel

dipendu_g · 3/28/23

Thanks @Marcel_Szimonisz, I am also looking into the api.js, as suggested. Will let you know

Regards,

DG

wankang · 4/17/23

how can i called Dynamic JavaScript pages via external system? means i create a Dynamic JavaScript pages but how to Trigger？ like a js code,

akshaaga · 3/29/23

Hi @dipendu_g,

Please find the response below:

Authentication and Authorization parameters that we need to send with the REST Calls:

To authenticate and authorize REST calls in Campaign v8, you can use OAuth 2.0 authentication. OAuth 2.0 is a widely accepted authentication protocol that enables third-party applications to access protected resources in a secure and standardized way.

To use OAuth 2.0 authentication in Campaign v8, you will need to register your external application as a client in Campaign v8 and obtain an access token that will be used to authorize REST calls. You can then send the access token in the Authorization header of your REST calls.

2. Do we need to create a separate user in ACC and give them necessary permissions?

Yes, you will need to create a separate user in ACC and give them the necessary permissions to access the resources that your API will be calling. You can create a new user in Campaign v8 and assign them the necessary roles and permissions using the Campaign v8 UI or API.

3. How to Authenticate and check Authorization in the JSSP API:

To authenticate and check authorization in the JSSP API, you can use the following JSSP code:

<%@page contentType="application/json" %>

<%

String accessToken = request.getHeader("Authorization").replace("Bearer ", "");

// Verify the access token

if (verifyAccessToken(accessToken)) {

// Handle the API request

...

} else {

// Return an unauthorized response

response.setStatus(401);

}

%>

In this code, we are retrieving the access token from the Authorization header of the request and verifying it using the verifyAccessToken() function. If the access token is valid, we can handle the API request. Otherwise, we return an unauthorized response.

4. Any best practices that you can point me to:

Here are some best practices for creating a custom API in Campaign v8:

Use OAuth 2.0 authentication to secure your API and protect against unauthorized access.
Use HTTPS to encrypt communication between your API and external application.
Use HTTP status codes to provide meaningful responses to the external application.
Use descriptive error messages to help external applications diagnose issues with the API.
Follow RESTful API design principles to create a simple and intuitive API that is easy to use and understand.

Here is an example of how to use OAuth 2.0 authentication to authorize REST calls in Campaign v8:

POST /auth/oauth/v2/token HTTP/1.1

Host: example.com

Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&

client_id=your_client_id&

client_secret=your_client_secret

This request will return an access token that you can use to authorize subsequent REST calls:

{

"access_token": "your_access_token",

"token_type": "Bearer",

"expires_in": 3600

}

dipendu_g · 3/29/23

Hi @akshaaga,

Thanks a lot for such a detailed answer.

Have 2 follow-up questions

1. How can I register the client with v8? And after doing that, do I still need to create a userid in v8 ?

2. If I create a userid in v8 ( as per your answer for point 2 ), do I need to use basic authentication, or still can use the oAuth ?

Regards,

DG

akshaaga · 3/29/23

Hi @dipendu_g ,

A. To register a client with Adobe Campaign v8, you can follow the instructions in the Adobe Campaign API documentation under "Authenticate with Adobe Campaign." This involves creating an integration in the Adobe I/O Console, which will provide you with the necessary client ID and client secret to authenticate your external system with Adobe Campaign. Once you have registered your client, you can use it to authenticate your API calls to Campaign v8.

Creating a user ID in Campaign v8 is a separate step and is not necessary for authentication purposes. However, you may need to create user accounts in Campaign v8 in order to grant specific users access to Campaign functionality.

B. Once you have registered your client with Campaign v8, you can use OAuth authentication to make API calls. Basic authentication is also supported, but OAuth is generally more secure and is the recommended authentication method for API calls to Campaign v8.