REST authentication
Adobe Commerce Optimizer uses Adobe's Identity Management Service (IMS) with OAuth 2.0 for secure API access. This system supports both user-based workflows and automated integrations.
This guide covers direct API access using bearer tokens generated from your Adobe developer project. Tokens expire after 24 hours and can be refreshed using your project credentials.
For more information about IMS user authentication for other use cases, see the User Authentication Implementation Guide in the Adobe Developer Console documentation.
Obtain IMS credentials
For direct access to the Data Ingestion API, you must authenticate using a bearer token.
Authorization: Bearer {access token}
This token is generated from the credentials of an Adobe developer project that is configured for API access. The token is valid for 24 hours. When it expires, use the Adobe developer project credentials to generate a new one.
Get credentials and bearer access tokens
To get API authentication credentials and tokens, create an Adobe developer project to enable communication between your Commerce project and Merchandising Services APIs.
To create projects for enterprise organizations, you must have a system administrator or developer role. For information on managing developers from the admin console, see Managing developers in the Adobe Enterprise & Teams Administration Guide.
Log in to the Adobe Developer Console.
Select the Experience Cloud Organization for the integration.
Create an API project.
Add the Adobe I/O Events for Adobe Commerce API to your project. Then, click Next.
Configure the Client ID and Client Secret credentials by selecting the OAUTH Server to Server Authentication option.
Click Save configured API.
In the Connected Credentials section, view API configuration details by selecting OAUTH Server-to-Server.
Copy the Client ID and the Client Secret values to a secure location.
Use the Client ID and Client Secret to refresh expired bearer tokens using curl.
Include the Client ID in the x-api-key header to authenticate API requests.
Get the bearer access token.
Select Generate Access Token.
Save the bearer token to a secure location.
The bearer token is valid for 24 hours. You can use the same bearer token for all API requests until it expires.
Generate a new access token
Once you have the required credentials for IMS authentication, use the following cURL request to generate a new bearer token after the current token expires:
curl --request POST \
  --url 'https://ims-na1.adobelogin.com/ims/token/v3' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials' \
  --data 'client_id={{client-id-value}}' \
  --data 'client_secret={{client-secret-value}}' \
  --data 'scope=adobeio_api,openid,AdobeID,read_organizations'
Replace the following placeholders with your credentials:
{{client-id-value}}: The client ID generated for your Adobe developer project
{{client-secret-value}}: The client secret generated for your Adobe developer project
You can get these credentials from the Adobe Developer Console project details page. If you don't have access to the developer console, contact your system administrator for assistance.
For information on managing, refreshing, and revoking bearer tokens, see the User Authentication Implementation Guide in the Adobe Developer Console documentation.
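For automated integrations, the token request and the 24-hour lifetime described above can be wrapped in a small cache. The following Python sketch is an added example, not Adobe's code: it sends the Client Secret in the request body rather than on a command line and refreshes the token shortly before it expires. The class name, the 300-second refresh margin, and the `access_token` and `expires_in` response fields are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

IMS_TOKEN_URL = "https://ims-na1.adobelogin.com/ims/token/v3"  # endpoint from the page
IMS_SCOPE = "adobeio_api,openid,AdobeID,read_organizations"    # scope from the page


def post_form(url, fields):
    """POST form fields in the request body so the secret never appears in argv or shell history."""
    request = urllib.request.Request(
        url,
        data=urllib.parse.urlencode(fields).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)


class ImsTokenCache:
    """Reuses one bearer token until shortly before it expires, then requests a new one."""

    def __init__(self, client_id, client_secret, post=post_form, clock=time.time, skew=300):
        self.client_id = client_id
        self._secret = client_secret
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def __repr__(self):  # keep the secret and token out of logs and tracebacks
        return f"ImsTokenCache(client_id={self.client_id!r}, client_secret=<redacted>)"

    def token(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            reply = self._post(IMS_TOKEN_URL, {
                "grant_type": "client_credentials",
                "client_id": self.client_id,
                "client_secret": self._secret,
                "scope": IMS_SCOPE,
            })
            # Assumption: the reply carries access_token and expires_in (seconds);
            # fall back to the 24-hour lifetime stated on the page.
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply.get("expires_in", 24 * 3600))
        return self._token

    def headers(self):
        """Headers the page requires on API requests: bearer token plus Client ID."""
        return {"Authorization": f"Bearer {self.token()}", "x-api-key": self.client_id}
```

Load the Client ID and Client Secret from a secrets manager or environment variables rather than hard-coding them in the script.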