Expand my Community achievements bar.

Join us WEDNESDAY, 6/7/23 @8am PT for the next Adobe Target Community Q&A Coffee Break! Bill Ozinga, John Mosbaugh, Justin Patrick, and Eric Thibeault will be taking all of your Target Recommendations questions in the chat ~ learn more and register today!

Adobe Target Admin API error code:403003, API key is invalid


Level 3

I am trying to use the Adobe Target Admin API and I have encountered the following error while using any of the admin API request:


    "error_code": "403003",

    "message": "Api Key is invalid"


Note: The API key that I am using in any admin API request is same as the API key I used to generate JWT and access token using JWT.

Steps followed:

Step 1: Integration of Target API with public certificate in Adobe I/O console - Successful

Step 2: Generate JWT signed with private key - Successful

Step 3: Exchange JWT with access token - Successful

Step 4: Use the access token generated in Step-3 in an admin API request - Unsuccessful (Error Message - "Api key is Invalid")

Is it because of the fourth parameter in JWT payload from API Integration is different from that provided in sample code of Adobe I/O Authentication document? i.e.

Parameter in Sample code: 'https://ims-na1.adobelogin.com/s/ent_smartcontent_sdk': true

Parameter in JWT payload from API: "https://ims-na1.adobelogin.com/s/example_sdk": true,

JWT Payload:


    "exp": 1524821003,

    "iss": "....@AdobeOrg",

    "sub": "....@techacct.adobe.com",

   "https://ims-na1.adobelogin.com/s/example_sdk": true,

    "aud": "https://ims-na1.adobelogin.com/c/....."


4 Replies



Here's a more detailed step by step how to document on generating the API token.  Please try these steps to check if your issue is resolved .

1 - Generate private key and public certificate per the following documentation: https://www.adobe.io/apis/cloudplatform/console/authentication/createcert.html

On a Mac, the following commands are built into terminal.

On a PC, you will need to download Cygwin (or other tool of personal preference) and run it from command line.   Here are the steps to download and install Cygwin:

  1. Browse to: https://cygwin.com/install.html
  2. Download and run setup-x86_64.exe

Notes:  Your home directory will be: C:\cygwin64\home\WINDOWSUSER
You can search for and install additional packages during the install phase. I recommend installing everything related to "curl" and "ssh"

Here is the command to run:

$ openssl req -nodes -text -x509 -newkey rsa:2048 -keyout secret.pem -out certificate.pem -days 356

Note:  It will ask you several questions that you need to fill out to generate the certificate, see screenshot below:User-added imageAfter the files have been created, you will convert the secret.key to secret.pem using the following command:

$ openssl pkcs8 -topk8 -inform PEM -outform DER -in secret.pem  -nocrypt > secret.key

Here are the files that are created on your file system (you may move these files to another location on your machine at this point for organization):User-added imageNotes:  The files will be generated in your home directory: C:\cygwin64\home\WINDOWSUSER

2 - Create integration within the Adobe IO console:

Go to https://console.adobe.io/

Select company

click "New Integration" buttonUser-added image

Select "Access an API" option, then click "continue"User-added image
Select Adobe Solution (currently only available for Target)

Note: User must be a user of the Experience Cloud AND have access to that solution.User-added imageSelect "New integration" and click "Continue"User-added imageFill out integration formUser-added imageDrag "certificate.pem" from file system into form to uploadUser-added imageOnce the file is uploaded, click "Create integration" button - see screenshot: fileuploaded_createintUser-added imageWhen processing is complete, click "continue to integration details"User-added imageSuccess!  You have now created an integrationUser-added image

3 - Generate JSON Web Token (JWT):

In the Integration UI, click on the JWT tab, paste in private key, click Generate JWT button - see screenshot: generating JWT - inputUser-added imageOnce it is generated, you will see the JWT and a sample CURL command

Click on "copy" icon below "Generated JWT"User-added image4 - Exchange JWT for Bearer Access Token:

Note: If you run this in terminal on a Mac, the response seems to get truncated.  Instead, use Postman

Download and install free API tool named "Postman" (available on Mac, Windows, or Linux):  https://www.getpostman.com/

Import this api call into Postman by copying the code below into a text file on your computer with a .json extension:

{"id":"f6854718-2800-64a8-238e-e785e344f6cf","name":"Exchange JWT for Bearer token","description":"","order":["048b6fc7-f1db-5028-ff21-45778613e2c5"],"folders":[],"folders_order":[],"timestamp":1516812553075,"owner":"860614","public":false,"events":[],"variables":[],"auth":null,"requests":[{"id":"048b6fc7-f1db-5028-ff21-45778613e2c5","name":"Exchange JWT for Bearer token","collectionId":"f6854718-2800-64a8-238e-e785e344f6cf","method":"POST","description":"JWT exchange flow","headers":"","dataMode":"params","data":[{"key":"client_id","value":"0fa5e762277c414f903649dd51424ac6","type":"text"},{"key":"client_secret","value":"9ff026f2-dfa4-4228-8dfa-11d809d4706b","type":"text"},{"key":"jwt_token","value":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0ODg4ODMzMzIsImlzcyI6IjY1NzhBNTU0NTZFODRFMjQ3RjAwMDEwMUBBZG9iZU9yZyIsInN1YiI6IjlDQjEyOTlENThCM0VDNkYwQTQ5NUM3RkB0ZWNoYWNjdC5hZG9iZS5jb20iLCJhdWQiOiJodHRwczovL2ltcy1uYTEuYWRvYmVsb2dpbi5jb20vYy8wZmE1ZTc2MjI3N2M0MTRmOTAzNjQ5ZGQ1MTQyNGFjNiIsImh0dHBzOi8vaW1zLW5hMS5hZG9iZWxvZ2luLmNvbS9zL2VudF9zbWFydGNvbnRlbnRfc2RrIjp0cnVlfQ.LwiDDjhwUfZ2ap89vfWd2ZVnfG-FwpQplKvzEecTLua_hvGNfQAZBPTHbVaXICPkeNjr41cRUr_OmNuOmtFOwVokUjd5rQCaGOqBNWWKPAyAAdXhBdE05oFa2Gar6adytKv-vf7gAnVQbv-PUADbCCtmxoOygbafXi9V3ZHz1FBwPJ8vpnZH4Il3zVf420XwnzLa9IB02nUciG_fQ0b1Qgj429Yi7m-lhW--2bMZKyNdSnioNaICFg6ASY1vnNm1zICPla224K_Lwzbrye8itgQStRUp1mH53Ww36xzqVxNIYLQCEoI9qxAJlR0HQhaXeSPrU9PmcExIyKBim2CZzg","type":"text"}],"rawModeData":"","url":"https:\/\/ims-na1.adobelogin.com\/ims\/exchange\/jwt\/","responses":[],"pathVariableData":[],"queryParams":[],"headerData":[],"auth":null,"collection_id":"08283cc0-461e-155c-e07f-ca64bae1dcae","isFromCollection":true,"collectionRequestId":"29f7fc5f-7e6d-01d4-de86-2f273b8a6429","currentHelper":null,"helperAttributes":null}]}

example filename: exchangeJwt.jsonUser-added image

Import file into Postman by going to file > Import:  you can drag and drop the .json file here or browse for the fileUser-added imageThis will create a "collection" in Postman on the left-hand side, with one API call in it named "Exchange JWT for Bearer token"User-added imageClick on the API call "Exchange JWT for Bearer token"

In the main section of the UI this is what you will seeUser-added imageNote: as highlighted in red above, I'm in the "Body" tab.  If you are in another tab, you will not see the three pieces of information that are required

Info Needed:

  • client_id: get from Integration overview page
  • client_secret: generate on Integration overview page
  • jwt_token: paste in generated JWT token that you copied in previous step

Click "send"

The bearer token is retrieved, which will be used to make API calls

User-added image

The access_token is what will be used as part of the API calls you intend to run

"access_token": "eyJ4NXUiOiJpbXNfbmExLWtleS0xLmNlciIsImFsZyI6IlJTMjU2In0.eyJpZCI6IjE1MTY3NDgxNjU5MzZfMjdiNTkwYmUtYjVlYy00ZjhiLTkzNWEtZTAyMjZmYTZiYTk1X3VlMSIsImNsaWVudF9pZCI6IjQyOTkxMzRlNzRkNTRkNTZhY2YyYTc4YjcyYTdlNDFlIiwidXNlcl9pZCI6IjkwNTEyQTlDNUE2N0I3ODEwQTQ5NUM5NEB0ZWNoYWNjdC5hZG9iZS5jb20iLCJ0eXBlIjoiYWNjZXNzX3Rva2VuIiwiYXMiOiJpbXMtbmExIiwiZmciOiJTRDRZQUNZSEhQSDdPRkFBQUFBQUFBQUFFST09PT09PSIsIm1vaSI6IjM3NTliZjQxIiwiYyI6IndTVTd3b1hIZkZSQk5xQmo3M2Z4anc9PSIsImV4cGlyZXNfaW4iOiI4NjQwMDAwMCIsInNjb3BlIjoib3BlbmlkLEFkb2JlSUQsdGFyZ2V0X3NkayxyZWFkX29yZ2FuaXphdGlvbnMsYWRkaXRpb25hbF9pbmZvLnByb2plY3RlZFByb2R1Y3RDb250ZXh0IiwiY3JlYXRlZF9hdCI6IjE1MTY3NDgxNjU5MzYifQ.fVJVREKZH3PM71-Y05Kkqqxq_O_z7BL5NL6S4ypNoSwLuqR9WOiXsF0GYcWZr6oO-jgYj8WrRePQLkg4GSoVthSbbXU6aqajPV2TsFNHpXRuJFBhql0e2eVCEE_pVI9O_uCa8RloGjJuFyyEAvroQFEIJzC7Q-OAnkXMT7xD-3r1cEV2xP_N3s86t34M5udO4fjas3RCJtAS1BEZOotlF_rB0kfvCZR9Krf-SVi_VedpsK7ipoJGfs7CLdN-_a4YGTC2CBJXwdK-4T0QJRkWedr8ooS0tzzfVcQ4WEZfw1edi-OYSuIbXf-Obl5R9NCzi5RMceiGTyGMyRrEcmy3WQ"

5 - Example API call:


Run Target call with access token

User-added image


Level 3

Hi There, Thanks for the reply. The error that I am facing is on the 5th step (in the flow mentioned). I have successfully completed first four steps and have successfully generated an Access Token with (X) client secret and (Y) client ID (or API ID). When I am using the access token generated to access an API (i.e. step 5) I am getting an error of "API Key is invalid", I am using the same API Key (Client ID) that i used to generate Access token.



kartikbhatia If you still face issues generating the token, then you will need to submit a support ticket via this link https://www.adobe.io/contactus.html . There is a dedicated team that handle issues with adobe io and they should be able to assist you further on this.


Level 3

Great detailed reply! It's a shame that the picture links are dead.

page footer