I am trying to do some api calls to assign users to groups. It looks like I successfully get the access token, but when I run the following call, I get the error.
curl -X POST -H "Content-type: application/json" -H "Accept: application/json" -H "x-api-key: ${api_key}" -H "Authorization: Bearer ${access_token}" https://usermanagement.adobe.io/v2/usermanagement/action/${org_id}?testOnly=true
I get this error:
{"error_code":"403003","message":"Api Key is invalid"}
This one is successful which makes me think my api key and access token are good:
curl -X GET -H "Authorization: Bearer ${access_token}" "https://ims-na1.adobelogin.com/ims/userinfo/v2?client_id=${api_key}"
Here's the payload I'm using for my JWT:
{
"exp":${expiration},
"iss":"${org_id}",
"sub":"${tech_acct}",
"aud":"https://ims-na1.adobelogin.com/c/${api_key}",
"https://ims-na1.adobelogin.com/s/ent_adobeio_sdk":true
}
I think I have the correct metascope, but I'm not positive.
Ultimately, I want to use these:
#get list of all users
curl -X GET -H "Content-type: application/json" -H "Accept: application/json" -H "x-api-key: ${api_key}" -H "Authorization: Bearer ${access_token}" https://usermanagement.adobe.io/v2/usermanagement/users/${org_id}
#assign users to group
json='{
"usergroup": "GROUPNAME",
"do": [
{
"add": {
"user": [
"user1@myCompany.com"
]
}
}
]
}'
curl -X POST -H "Content-type: application/json" -H "Accept: application/json" -H "x-api-key: ${api_key}" -H "Authorization: Bearer ${access_token}" https://usermanagement.adobe.io/v2/action/${org_id} -d "${json}"
Solved! Go to Solution.
Topics help categorize Community content and increase your ability to discover relevant content.
Views
Replies
Total Likes
I got it figured out. I was using the I/O Management API and not the User Management API. I also was using the ent_adobeio_sdk metascope and not the ent_user_sdk metascope. Once I got them switched out, it all started working.
I would check the documentation for the specific API service for which you’re hitting authenticated endpoints to find what other parameters are expected. Most of them need an x-api-key, which will be the same as your client_id.
some useful links:
Views
Replies
Total Likes
@Asheesh_Pandey Thanks. I'm digging for anything I can find about it. The necessary parameters are all there. I just can't figure out what the Invalid API Key message is about, when the Key I'm using is directly from my project.
I've found another post with the same issue, but no real solution was posted.
https://experienceleaguecommunities.adobe.com/t5/adobe-target-discussions/adobe-target-admin-api-err...
I just wanted to see if the community had any answers before I went to Adobe Support.
Views
Replies
Total Likes
If I turn on verbose mode for curl, I see that it's an HTTP 403 Forbidden error.
< HTTP/1.1 403 Forbidden < Server: openresty < Date: Mon, 04 Oct 2021 13:33:45 GMT < Content-Type: application/json < Transfer-Encoding: chunked < Connection: keep-alive < Access-Control-Allow-Credentials: true < Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept, Accept-Language, Authorization, If-Modified-Since, X-Api-Key < Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH
I found in the docs where the 403 Forbidden can mean any of these:
403 Forbidden Possible causes are: Missing API key. The organization is currently migrating. Either from DMA or to One Console. API key is not permitted access.
So, my guess is that the API key is not permitted access.
That leads me to ask, how do I get access to the UMAPI?
Views
Replies
Total Likes
I got it figured out. I was using the I/O Management API and not the User Management API. I also was using the ent_adobeio_sdk metascope and not the ent_user_sdk metascope. Once I got them switched out, it all started working.