Getting Error "Api Key is invalid" | Community
Skip to main content
L
lreagor
October 1, 2021
Solved

Getting Error "Api Key is invalid"

  • October 1, 2021
  • 3 replies
  • 6629 views

I am trying to do some api calls to assign users to groups. It looks like I successfully get the access token, but when I run the following call, I get the error.

 

 

curl -X POST -H "Content-type: application/json" -H "Accept: application/json" -H "x-api-key: ${api_key}" -H "Authorization: Bearer ${access_token}" https://usermanagement.adobe.io/v2/usermanagement/action/${org_id}?testOnly=true

 

 

I get this error:

{"error_code":"403003","message":"Api Key is invalid"}

 

This one is successful which makes me think my api key and access token are good:

 

 

curl -X GET -H "Authorization: Bearer ${access_token}" "https://ims-na1.adobelogin.com/ims/userinfo/v2?client_id=${api_key}"

 

 

 

Here's the payload I'm using for my JWT:

 

 

{ "exp":${expiration}, "iss":"${org_id}", "sub":"${tech_acct}", "aud":"https://ims-na1.adobelogin.com/c/${api_key}", "https://ims-na1.adobelogin.com/s/ent_adobeio_sdk":true }

 

 

I think I have the correct metascope, but I'm not positive.

 

 

Ultimately, I want to use these:

#get list of all users

 

 

curl -X GET -H "Content-type: application/json" -H "Accept: application/json" -H "x-api-key: ${api_key}" -H "Authorization: Bearer ${access_token}" https://usermanagement.adobe.io/v2/usermanagement/users/${org_id}

 

 

 

#assign users to group

 

 

json='{ "usergroup": "GROUPNAME", "do": [ { "add": { "user": [ "user1@myCompany.com" ] } } ] }' curl -X POST -H "Content-type: application/json" -H "Accept: application/json" -H "x-api-key: ${api_key}" -H "Authorization: Bearer ${access_token}" https://usermanagement.adobe.io/v2/action/${org_id} -d "${json}"

 

 

 
Does anyone have an insight as to what the actual issue is? 

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by lreagor

I got it figured out. I was using the I/O Management API and not the User Management API. I also was using the ent_adobeio_sdk metascope and not the ent_user_sdk metascope. Once I got them switched out, it all started working.

3 replies

Asheesh_Pandey
Community Advisor
Asheesh_PandeyCommunity Advisor
Community Advisor
October 3, 2021

@lreagor 

I would check the documentation for the specific API service for which you’re hitting authenticated endpoints to find what other parameters are expected. Most of them need an x-api-key, which will be the same as your client_id.

some useful links:

https://github.com/AdobeDocs/adobeio-auth/blob/stage/AuthenticationOverview/ServiceAccountIntegration.md#step-2-add-an-api-to-your-project-using-service-account-authentication 

L
lreagorAuthor
October 4, 2021

@asheesh_pandey Thanks. I'm digging for anything I can find about it. The necessary parameters are all there. I just can't figure out what the Invalid API Key message is about, when the Key I'm using is directly from my project.

 

I've found another post with the same issue, but no real solution was posted. 
https://experienceleaguecommunities.adobe.com/t5/adobe-target-discussions/adobe-target-admin-api-error-code-403003-api-key-is-invalid/td-p/287461

 

I just wanted to see if the community had any answers before I went to Adobe Support.

L
lreagorAuthor
October 4, 2021

If I turn on verbose mode for curl, I see that it's an HTTP 403 Forbidden error.

 

< HTTP/1.1 403 Forbidden
< Server: openresty
< Date: Mon, 04 Oct 2021 13:33:45 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept, Accept-Language, Authorization, If-Modified-Since, X-Api-Key
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH

I found in the docs where the 403 Forbidden can mean any of these:

 

 

403 Forbidden

Possible causes are:

Missing API key.
The organization is currently migrating. Either from DMA or to One Console.
API key is not permitted access.

So, my guess is that the API key is not permitted access.

That leads me to ask, how do I get access to the UMAPI?

 

 

 

L
lreagorAuthorAccepted solution
October 4, 2021

I got it figured out. I was using the I/O Management API and not the User Management API. I also was using the ent_adobeio_sdk metascope and not the ent_user_sdk metascope. Once I got them switched out, it all started working.

    Terms & ConditionsAccessibility statement

    Loading footer...