Expand my Community achievements bar.

SOLVED

Getting Error "Api Key is invalid"

Avatar

Level 2

I am trying to do some api calls to assign users to groups. It looks like I successfully get the access token, but when I run the following call, I get the error.

 

 

curl -X POST -H "Content-type: application/json" -H "Accept: application/json" -H "x-api-key: ${api_key}" -H "Authorization: Bearer ${access_token}" https://usermanagement.adobe.io/v2/usermanagement/action/${org_id}?testOnly=true

 

 

I get this error:

{"error_code":"403003","message":"Api Key is invalid"}

 

This one is successful which makes me think my api key and access token are good:

 

 

curl -X GET -H "Authorization: Bearer ${access_token}" "https://ims-na1.adobelogin.com/ims/userinfo/v2?client_id=${api_key}"

 

 

 

Here's the payload I'm using for my JWT:

 

 

{
	"exp":${expiration},
	"iss":"${org_id}",
	"sub":"${tech_acct}",
	"aud":"https://ims-na1.adobelogin.com/c/${api_key}",
	"https://ims-na1.adobelogin.com/s/ent_adobeio_sdk":true
}

 

 

I think I have the correct metascope, but I'm not positive.

 

 

Ultimately, I want to use these:

#get list of all users

 

 

curl -X GET -H "Content-type: application/json" -H "Accept: application/json" -H "x-api-key: ${api_key}" -H "Authorization: Bearer ${access_token}" https://usermanagement.adobe.io/v2/usermanagement/users/${org_id}

 

 

 

#assign users to group

 

 

json='{
  "usergroup": "GROUPNAME",
  "do": [
      {
        "add": {
         "user": [
           "user1@myCompany.com"
         ]
        } 
      }
  ]
}'
curl -X POST -H "Content-type: application/json" -H "Accept: application/json" -H "x-api-key: ${api_key}" -H "Authorization: Bearer ${access_token}" https://usermanagement.adobe.io/v2/action/${org_id} -d "${json}"

 

 

 
Does anyone have an insight as to what the actual issue is? 

 

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution

Avatar

Correct answer by
Level 2

I got it figured out. I was using the I/O Management API and not the User Management API. I also was using the ent_adobeio_sdk metascope and not the ent_user_sdk metascope. Once I got them switched out, it all started working.

View solution in original post

4 Replies

Avatar

Community Advisor

@lreagor 

I would check the documentation for the specific API service for which you’re hitting authenticated endpoints to find what other parameters are expected. Most of them need an x-api-key, which will be the same as your client_id.

some useful links:

https://github.com/AdobeDocs/adobeio-auth/blob/stage/AuthenticationOverview/ServiceAccountIntegratio... 

Avatar

Level 2

@Asheesh_Pandey Thanks. I'm digging for anything I can find about it. The necessary parameters are all there. I just can't figure out what the Invalid API Key message is about, when the Key I'm using is directly from my project.

 

I've found another post with the same issue, but no real solution was posted. 
https://experienceleaguecommunities.adobe.com/t5/adobe-target-discussions/adobe-target-admin-api-err...

 

I just wanted to see if the community had any answers before I went to Adobe Support.

Avatar

Level 2

If I turn on verbose mode for curl, I see that it's an HTTP 403 Forbidden error.

 

< HTTP/1.1 403 Forbidden
< Server: openresty
< Date: Mon, 04 Oct 2021 13:33:45 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept, Accept-Language, Authorization, If-Modified-Since, X-Api-Key
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH

I found in the docs where the 403 Forbidden can mean any of these:

 

 

403 Forbidden

Possible causes are:

Missing API key.
The organization is currently migrating. Either from DMA or to One Console.
API key is not permitted access.

So, my guess is that the API key is not permitted access.

That leads me to ask, how do I get access to the UMAPI?

 

 

 

Avatar

Correct answer by
Level 2

I got it figured out. I was using the I/O Management API and not the User Management API. I also was using the ent_adobeio_sdk metascope and not the ent_user_sdk metascope. Once I got them switched out, it all started working.