Adobe credentials for standalone actions execution | Community
Skip to main content
Urs_Boller
Community Advisor
Urs_BollerCommunity Advisor
Community Advisor
August 25, 2020
Solved

Adobe credentials for standalone actions execution

  • August 25, 2020
  • 1 reply
  • 1938 views

We successfully implemented a Firefly App that fetches data from an external API and writes data into Adobe Analytics (using the old API 1.4). This works perfekt since the action can use the UI-User credentials (read from params) like this:

const resHeaders = { "authorization": params.__ow_headers["authorization"], "x-api-key": params.__ow_headers["x-api-key"], "w-gw-ims-org-id": params.__ow_headers["w-gw-ims-org-id"], "x-api-key": params.__ow_headers["x-api-key"] }

 but where does the action gets the credentials if there is no UI providing the params? what "user/key" does it have to execute requests against Analytics API? or can I somewhere add credentials to manually set the desired values?
Thanks a lot for the support!

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by duynguyen_adobe

Hi @urs_boller , first of all it would be good to identify whether your app is an SPA or headless, as described in the Security Overview . I assume you have the `require-adobe-auth` flag set to true for your actions.

If it is an SPA, the user token must be passed from the Adobe Experience Cloud (ExC) Shell, specific to the user session you are logged in.

If it is a headless app, you need to pass a service token which is obtained with the JWT auth flow.

You could also use a user token in a headless app to call the backend services, as long as it has valid authorization and scopes. However, you can not use a service token to call backend services of an SPA, because the session has to be tied to a specific user.

Please let me know if something needs further clarification.

1 reply

D
Adobe Employee
duynguyen_adobeAdobe EmployeeAccepted solution
Adobe Employee
August 25, 2020

Hi @urs_boller , first of all it would be good to identify whether your app is an SPA or headless, as described in the Security Overview . I assume you have the `require-adobe-auth` flag set to true for your actions.

If it is an SPA, the user token must be passed from the Adobe Experience Cloud (ExC) Shell, specific to the user session you are logged in.

If it is a headless app, you need to pass a service token which is obtained with the JWT auth flow.

You could also use a user token in a headless app to call the backend services, as long as it has valid authorization and scopes. However, you can not use a service token to call backend services of an SPA, because the session has to be tied to a specific user.

Please let me know if something needs further clarification.

D
Adobe Employee
duynguyen_adobeAdobe Employee
Adobe Employee
August 25, 2020

Hi @urs_boller, in that case you first need to remove the web-src/ folder to make your app headless instead of SPA, so that JWT token can be validated.

 

aio app delete web-assets

 

To test the token, you could retrieve it from I/O Console, under "Generate JWT token" in your project, and pass it in the request header to your action, e.g. `Authorization: Bearer ey1234567890....`.

To have the token generation in action code, you could leverage the Adobe IMS SDK . Please note that, it's better not to expose your action as a web action in this case, because then anyone can access your data. What would make sense for this authentication is a cron job which runs at interval to import data from Analytics, for example. You can use the Alarms package to set up this cron job.

Terms & ConditionsAccessibility statement

Loading footer...