Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Adobe Target Admin API error code:403003, API key is invalid


Level 3

I am trying to use the Adobe Target Admin API and I have encountered the following error while using any of the admin API request:


    "error_code": "403003",

    "message": "Api Key is invalid"


Note: The API key that I am using in any admin API request is same as the API key I used to generate JWT and access token using JWT.

Steps followed:

Step 1: Integration of Target API with public certificate in Adobe I/O console - Successful

Step 2: Generate JWT signed with private key - Successful

Step 3: Exchange JWT with access token - Successful

Step 4: Use the access token generated in Step-3 in an admin API request - Unsuccessful (Error Message - "Api key is Invalid")

Is it because of the fourth parameter in JWT payload from API Integration is different from that provided in sample code of Adobe I/O Authentication document? i.e.

Parameter in Sample code: '': true

Parameter in JWT payload from API: "": true,

JWT Payload:


    "exp": 1524821003,

    "iss": "....@AdobeOrg",

    "sub": "",

   "": true,

    "aud": ""


4 Replies



Here's a more detailed step by step how to document on generating the API token.  Please try these steps to check if your issue is resolved .

1 - Generate private key and public certificate per the following documentation:

On a Mac, the following commands are built into terminal.

On a PC, you will need to download Cygwin (or other tool of personal preference) and run it from command line.   Here are the steps to download and install Cygwin:

  1. Browse to:
  2. Download and run setup-x86_64.exe

Notes:  Your home directory will be: C:\cygwin64\home\WINDOWSUSER
You can search for and install additional packages during the install phase. I recommend installing everything related to "curl" and "ssh"

Here is the command to run:

$ openssl req -nodes -text -x509 -newkey rsa:2048 -keyout secret.pem -out certificate.pem -days 356

Note:  It will ask you several questions that you need to fill out to generate the certificate, see screenshot below:User-added imageAfter the files have been created, you will convert the secret.key to secret.pem using the following command:

$ openssl pkcs8 -topk8 -inform PEM -outform DER -in secret.pem  -nocrypt > secret.key

Here are the files that are created on your file system (you may move these files to another location on your machine at this point for organization):User-added imageNotes:  The files will be generated in your home directory: C:\cygwin64\home\WINDOWSUSER

2 - Create integration within the Adobe IO console:

Go to

Select company

click "New Integration" buttonUser-added image

Select "Access an API" option, then click "continue"User-added image
Select Adobe Solution (currently only available for Target)

Note: User must be a user of the Experience Cloud AND have access to that solution.User-added imageSelect "New integration" and click "Continue"User-added imageFill out integration formUser-added imageDrag "certificate.pem" from file system into form to uploadUser-added imageOnce the file is uploaded, click "Create integration" button - see screenshot: fileuploaded_createintUser-added imageWhen processing is complete, click "continue to integration details"User-added imageSuccess!  You have now created an integrationUser-added image

3 - Generate JSON Web Token (JWT):

In the Integration UI, click on the JWT tab, paste in private key, click Generate JWT button - see screenshot: generating JWT - inputUser-added imageOnce it is generated, you will see the JWT and a sample CURL command

Click on "copy" icon below "Generated JWT"User-added image4 - Exchange JWT for Bearer Access Token:

Note: If you run this in terminal on a Mac, the response seems to get truncated.  Instead, use Postman

Download and install free API tool named "Postman" (available on Mac, Windows, or Linux):

Import this api call into Postman by copying the code below into a text file on your computer with a .json extension:

{"id":"f6854718-2800-64a8-238e-e785e344f6cf","name":"Exchange JWT for Bearer token","description":"","order":["048b6fc7-f1db-5028-ff21-45778613e2c5"],"folders":[],"folders_order":[],"timestamp":1516812553075,"owner":"860614","public":false,"events":[],"variables":[],"auth":null,"requests":[{"id":"048b6fc7-f1db-5028-ff21-45778613e2c5","name":"Exchange JWT for Bearer token","collectionId":"f6854718-2800-64a8-238e-e785e344f6cf","method":"POST","description":"JWT exchange flow","headers":"","dataMode":"params","data":[{"key":"client_id","value":"0fa5e762277c414f903649dd51424ac6","type":"text"},{"key":"client_secret","value":"9ff026f2-dfa4-4228-8dfa-11d809d4706b","type":"text"},{"key":"jwt_token","value":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0ODg4ODMzMzIsImlzcyI6IjY1NzhBNTU0NTZFODRFMjQ3RjAwMDEwMUBBZG9iZU9yZyIsInN1YiI6IjlDQjEyOTlENThCM0VDNkYwQTQ5NUM3RkB0ZWNoYWNjdC5hZG9iZS5jb20iLCJhdWQiOiJodHRwczovL2ltcy1uYTEuYWRvYmVsb2dpbi5jb20vYy8wZmE1ZTc2MjI3N2M0MTRmOTAzNjQ5ZGQ1MTQyNGFjNiIsImh0dHBzOi8vaW1zLW5hMS5hZG9iZWxvZ2luLmNvbS9zL2VudF9zbWFydGNvbnRlbnRfc2RrIjp0cnVlfQ.LwiDDjhwUfZ2ap89vfWd2ZVnfG-FwpQplKvzEecTLua_hvGNfQAZBPTHbVaXICPkeNjr41cRUr_OmNuOmtFOwVokUjd5rQCaGOqBNWWKPAyAAdXhBdE05oFa2Gar6adytKv-vf7gAnVQbv-PUADbCCtmxoOygbafXi9V3ZHz1FBwPJ8vpnZH4Il3zVf420XwnzLa9IB02nUciG_fQ0b1Qgj429Yi7m-lhW--2bMZKyNdSnioNaICFg6ASY1vnNm1zICPla224K_Lwzbrye8itgQStRUp1mH53Ww36xzqVxNIYLQCEoI9qxAJlR0HQhaXeSPrU9PmcExIyKBim2CZzg","type":"text"}],"rawModeData":"","url":"https:\/\/\/ims\/exchange\/jwt\/","responses":[],"pathVariableData":[],"queryParams":[],"headerData":[],"auth":null,"collection_id":"08283cc0-461e-155c-e07f-ca64bae1dcae","isFromCollection":true,"collectionRequestId":"29f7fc5f-7e6d-01d4-de86-2f273b8a6429","currentHelper":null,"helperAttributes":null}]}

example filename: exchangeJwt.jsonUser-added image

Import file into Postman by going to file > Import:  you can drag and drop the .json file here or browse for the fileUser-added imageThis will create a "collection" in Postman on the left-hand side, with one API call in it named "Exchange JWT for Bearer token"User-added imageClick on the API call "Exchange JWT for Bearer token"

In the main section of the UI this is what you will seeUser-added imageNote: as highlighted in red above, I'm in the "Body" tab.  If you are in another tab, you will not see the three pieces of information that are required

Info Needed:

  • client_id: get from Integration overview page
  • client_secret: generate on Integration overview page
  • jwt_token: paste in generated JWT token that you copied in previous step

Click "send"

The bearer token is retrieved, which will be used to make API calls

User-added image

The access_token is what will be used as part of the API calls you intend to run

"access_token": "eyJ4NXUiOiJpbXNfbmExLWtleS0xLmNlciIsImFsZyI6IlJTMjU2In0.eyJpZCI6IjE1MTY3NDgxNjU5MzZfMjdiNTkwYmUtYjVlYy00ZjhiLTkzNWEtZTAyMjZmYTZiYTk1X3VlMSIsImNsaWVudF9pZCI6IjQyOTkxMzRlNzRkNTRkNTZhY2YyYTc4YjcyYTdlNDFlIiwidXNlcl9pZCI6IjkwNTEyQTlDNUE2N0I3ODEwQTQ5NUM5NEB0ZWNoYWNjdC5hZG9iZS5jb20iLCJ0eXBlIjoiYWNjZXNzX3Rva2VuIiwiYXMiOiJpbXMtbmExIiwiZmciOiJTRDRZQUNZSEhQSDdPRkFBQUFBQUFBQUFFST09PT09PSIsIm1vaSI6IjM3NTliZjQxIiwiYyI6IndTVTd3b1hIZkZSQk5xQmo3M2Z4anc9PSIsImV4cGlyZXNfaW4iOiI4NjQwMDAwMCIsInNjb3BlIjoib3BlbmlkLEFkb2JlSUQsdGFyZ2V0X3NkayxyZWFkX29yZ2FuaXphdGlvbnMsYWRkaXRpb25hbF9pbmZvLnByb2plY3RlZFByb2R1Y3RDb250ZXh0IiwiY3JlYXRlZF9hdCI6IjE1MTY3NDgxNjU5MzYifQ.fVJVREKZH3PM71-Y05Kkqqxq_O_z7BL5NL6S4ypNoSwLuqR9WOiXsF0GYcWZr6oO-jgYj8WrRePQLkg4GSoVthSbbXU6aqajPV2TsFNHpXRuJFBhql0e2eVCEE_pVI9O_uCa8RloGjJuFyyEAvroQFEIJzC7Q-OAnkXMT7xD-3r1cEV2xP_N3s86t34M5udO4fjas3RCJtAS1BEZOotlF_rB0kfvCZR9Krf-SVi_VedpsK7ipoJGfs7CLdN-_a4YGTC2CBJXwdK-4T0QJRkWedr8ooS0tzzfVcQ4WEZfw1edi-OYSuIbXf-Obl5R9NCzi5RMceiGTyGMyRrEcmy3WQ"

5 - Example API call:


Run Target call with access token

User-added image


Level 3

Hi There, Thanks for the reply. The error that I am facing is on the 5th step (in the flow mentioned). I have successfully completed first four steps and have successfully generated an Access Token with (X) client secret and (Y) client ID (or API ID). When I am using the access token generated to access an API (i.e. step 5) I am getting an error of "API Key is invalid", I am using the same API Key (Client ID) that i used to generate Access token.



kartikbhatia If you still face issues generating the token, then you will need to submit a support ticket via this link . There is a dedicated team that handle issues with adobe io and they should be able to assist you further on this.


Level 3

Great detailed reply! It's a shame that the picture links are dead.