Get Credentials

Get credentials

After signing in, you can create credentials that can be used to call the Platform APIs.

Access Control API (1.0)

Download OpenAPI specification:Download

Access Control in Adobe Experience Platform allows organization administrators to assign roles and permissions for various Platform capabilities. The Access Control API provides a public endpoint to retrieve effective policies for a user on given resources within a specified sandbox. All other access control capabilities are provided through the Adobe Admin Console.

Related documentation:
- Access Control documentation
Visualize API calls with Postman (a free, third-party software):
API paths:
- PLATFORM Gateway URL: https://platform.adobe.io
- Base path for this API: /data/foundation/access-control
- Example of a complete path for making a call to "/acl/effective-policies": https://platform.adobe.io/data/foundation/access-control/acl/effective-policies
Required headers:
- All service calls require the headers Authorization, x-gw-ims-org-id, and x-api-key. For more information on how to obtain these values, see the authentication tutorial.
- All resources in Experience Platform are isolated to specific virtual sandboxes. All requests to Platform APIs require the header x-sandbox-name whose value is the all-lowercase name of the sandbox the operation will take place in (for example, "prod"). See the sandboxes overview for more information.
- All requests with a payload in the request body (such as POST, PUT, and PATCH calls) must include the header Content-Type with a value of application/json.

(NEW) Interactive API documentation

You can now interact with the Experience Platform API endpoints directly from this API reference page. Get your authentication credentials and use the Try it functionality in the right rail. Note that by using this functionality, you are making real API calls. Keep this in mind when you interact with production sandboxes.

Access Control Policies

Access control policies provide information about resources and permissions for the current user. More information about using this set of endpoints can be found in the access control endpoint guide.

List all available permission names and resource types

Request

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-sandbox-name required	string The name of the sandbox in which the operation will take place. See the sandboxes overview documentation for more information.

Responses

200

Successful operation

400

Bad request

500

Internal server error

get/acl/reference

Response samples

application/json

{"permissions": {"export-audience-for-segment": {"segments": ["read"
]
},
"manage-datasets": {"connection": ["read",
"write",
"delete"
],
"datasets": ["read",
"write",
"delete"
],
"datasets-data": ["read",
"write",
"delete"
],
"dule-label": ["read",
"write",
"delete"
],
"schemas": ["read"
]
},
"manage-identity-namespaces": {"identity-namespaces": ["read",
"write",
"delete"
]
},
"manage-profiles": {"datasets": ["read",
"write"
],
"profile-configs": ["read",
"write",
"delete"
],
"profile-datasets": ["read",
"write",
"delete"
],
"profiles": ["read",
"write",
"delete"
],
"schemas": ["read"
],
"segment-jobs": ["write"
],
"segments": ["read",
"write",
"delete"
]
},
"manage-sandboxes": {"sandboxes": ["read",
"write",
"delete"
]
},
"manage-shemas": {"classes": ["read",
"write",
"delete"
],
"data-types": ["read",
"write",
"delete"
],
"identity-descriptor": ["read",
"write",
"delete"
],
"mixins": ["read",
"write",
"delete"
],
"relationship-descriptor": ["read",
"write",
"delete"
],
"schemas": ["read",
"write",
"delete"
]
},
"reset-sandboxes": {"reset-sandboxes": ["read",
"write"
]
},
"view-datasets": {"connection": ["read"
],
"datasets": ["read"
],
"datasets-data": ["read"
],
"dule-label": ["read"
],
"schemas": ["read"
]
},
"view-identity-namespaces": {"identity-namespaces": ["read"
]
},
"view-monitoring-dashboard": {"datasets": ["read"
],
"datasets-data": ["read"
],
"monitoring": ["read"
]
},
"view-profiles": {"datasets": ["read"
],
"profile-configs": ["read"
],
"profile-datasets": ["read",
"write",
"delete"
],
"profiles": ["read"
],
"schemas": ["read"
],
"segments": ["read"
]
},
"view-sandboxes": {"sandboxes": ["read"
]
},
"view-schemas": {"classes": ["read"
],
"data-types": ["read"
],
"identity-descriptor": ["read"
],
"mixins": ["read"
],
"relationship-descriptor": ["read"
],
"schemas": ["read"
]
}
},
"resource-types": {"classes": ["read",
"write",
"delete"
],
"connection": ["read",
"write",
"delete"
],
"data-types": ["read",
"write",
"delete"
],
"datasets": ["read",
"write",
"delete"
],
"datasets-data": ["read",
"write",
"delete"
],
"dule-label": ["read",
"write",
"delete"
],
"identity-descriptor": ["read",
"write",
"delete"
],
"identity-namespaces": ["read",
"write",
"delete"
],
"mixins": ["read",
"write",
"delete"
],
"monitoring": ["read",
"write",
"delete"
],
"profile-configs": ["read",
"write",
"delete"
],
"profile-datasets": ["read",
"write",
"delete"
],
"profiles": ["read",
"write",
"delete"
],
"relationship-descriptor": ["read",
"write",
"delete"
],
"reset-sandboxes": ["read",
"write",
"delete"
],
"sandboxes": ["read",
"write",
"delete"
],
"schemas": ["read",
"write",
"delete"
],
"segment-jobs": ["read",
"write",
"delete"
],
"segments": ["read",
"write",
"delete"
]
}
}

List all effective policies

You can list all the effective policies for a user on a given resources within a sandbox by making a POST request to the /acl/effective-policies endpoint.

Request

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-sandbox-name required	string The name of the sandbox in which the operation will take place. See the sandboxes overview documentation for more information.
Content-Type required	string application/json

Request Body schema: /
required

List of resource urls. Example url : /resource-types/{resourceName} or /permissions/{highLevelPermissionName}

Array

string

The permissions and resource types associated with the given schema.

Enum: "/permissions/manage-dataset" "/resource-types/schema" "/permissions/manage-schemas"

Responses

200

Successful operation

post/acl/effective-policies

Response samples

application/json

"[ '/resource-types/schemas': [ 'write', 'delete', 'read' '], '/permissions/manage-schemas': [ '*' ] ]"

Attribute Based Access Control Roles

Attribute based access control roles define the access that an administrator, a specialist, or an end-user has to resources in your organization. More information about using this set of endpoints can be found in the roles endpoint guide.

List all existing roles

Request

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Responses

200

Successful operation

get/administration/roles

Response samples

application/json

{"roles": [{"id": "3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809",
"name": "Administrator Role",
"description": "Role for administrator type of responsibilities and access.",
"roleType": "user-defined",
"permissionSets": ["manage-datasets",
"manage-schemas"
],
"sandboxes": ["prod"
],
"subjectAttributes": {"labels": ["core/S1"
]
},
"createdBy": "example@AdobeID",
"createdAt": 1648153201825,
"modifiedBy": "example@AdobeID",
"modifiedAt": 1648153201825,
"etag": null
}
],
"_page": {"limit": 1,
"count": 1
},
"_links": {"next": {"href": "https://platform.adobe.io:443/data/foundation/access-control/administration/roles/3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809",
"templated": true
},
"page": {"href": "https://platform.adobe.io:443/data/foundation/access-control/administration/roles/3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809",
"templated": true
},
"subjects": {"href": "https://platform.adobe.io:443/data/foundation/access-control/administration/roles/3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809",
"templated": true
}
}
}

Create a new role

Request

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Request Body schema: application/json

The request body for creating a role.

name	string The name of your role.
description	string A descriptive value that you can include to provide more information on your role.
roleType	string The designated type of the role. The possible values for role type are user-defined and system-defined. Enum: "user-defined" "system-defined"

Responses

200

Successful operation

post/administration/roles

Request samples

Payload

application/json

{"name": "People who ordered in the last 30 days",
"description": "Role for administrator type of responsibilities and access.",
"roleType": "user-defined"
}

Response samples

application/json

{"id": "3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809",
"name": "Administrator Role",
"description": "Role for administrator type of responsibilities and access.",
"roleType": "user-defined",
"permissionSets": ["manage-datasets",
"manage-schemas"
],
"sandboxes": ["prod"
],
"subjectAttributes": {"labels": ["core/S1"
]
},
"createdBy": "example@AdobeID",
"createdAt": 1648153201825,
"modifiedBy": "example@AdobeID",
"modifiedAt": 1648153201825,
"etag": null
}

Retrieve a role

Request

path Parameters

ROLE_ID

required

string

The ID of the role you want to retrieve.

Example: 3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Responses

200

Successful operation

get/administration/roles/{ROLE_ID}

Response samples

application/json

{"id": "3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809",
"name": "Administrator Role",
"description": "Role for administrator type of responsibilities and access.",
"roleType": "user-defined",
"permissionSets": ["manage-datasets",
"manage-schemas"
],
"sandboxes": ["prod"
],
"subjectAttributes": {"labels": ["core/S1"
]
},
"createdBy": "example@AdobeID",
"createdAt": 1648153201825,
"modifiedBy": "example@AdobeID",
"modifiedAt": 1648153201825,
"etag": null
}

Update role properties

Request

path Parameters

ROLE_ID

required

string

The ID of the role you want to update.

Example: 3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Request Body schema: application/json

The request body for updating a role.

op required	string The operation call used to define the action needed to update the role. Operations include add, replace, and remove. Enum: "add" "replace" "remove"
path required	string The path of the parameter to be updated.
value required	string The new value you want to update your parameter with.

Responses

200

Successful operation

patch/administration/roles/{ROLE_ID}

Request samples

Payload

application/json

{"op": "add",
"path": "/description",
"value": "Role for administrator type of responsibilities and access."
}

Response samples

application/json

{"id": "3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809",
"name": "Administrator Role",
"description": "Role for administrator type of responsibilities and access.",
"roleType": "user-defined",
"permissionSets": ["manage-datasets",
"manage-schemas"
],
"sandboxes": ["prod"
],
"subjectAttributes": {"labels": ["core/S1"
]
},
"createdBy": "example@AdobeID",
"createdAt": 1648153201825,
"modifiedBy": "example@AdobeID",
"modifiedAt": 1648153201825,
"etag": null
}

Update a role by role ID

Request

path Parameters

ROLE_ID

required

string

The ID of the role you want to update.

Example: 3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Request Body schema: application/json

The request body for updating a role using the role ID.

name required	string The updated name of a role.
description required	string The updated description of a role.
roleType required	string The designated type of the role. The possible values for role type are user-defined and system-defined. Enum: "user-defined" "system-defined"

Responses

200

Successful operation

put/administration/roles/{ROLE_ID}

Request samples

Payload

application/json

{"name": "Administrator Role",
"description": "Role for administrator type of responsibilities and access.",
"roleType": "user-defined"
}

Response samples

application/json

{"id": "3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809",
"name": "Administrator Role",
"description": "Role for administrator type of responsibilities and access.",
"roleType": "user-defined",
"permissionSets": ["manage-datasets",
"manage-schemas"
],
"sandboxes": ["prod"
],
"subjectAttributes": {"labels": ["core/S1"
]
},
"createdBy": "example@AdobeID",
"createdAt": 1648153201825,
"modifiedBy": "example@AdobeID",
"modifiedAt": 1648153201825,
"etag": null
}

Delete a role

Request

path Parameters

ROLE_ID

required

string

The ID of the role you want to delete.

Example: 3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Responses

204

A successful response returns HTTP status 204 (No Content) and a blank body.

delete/administration/roles/{ROLE_ID}

Response samples

application/json

{ }

Retrieve subjects

Request

path Parameters

ROLE_ID

required

string

The ID of the role you want to retrieve.

Example: 3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Responses

200

Successful operation

get/administration/roles/{ROLE_ID}/subjects

Response samples

application/json

{"items": [[{"roleId": "3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809",
"subjectType": "user",
"subjectId": "03Z07HFQCCUF3TUHAX274206@AdobeID"
},
{"roleId": "3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809",
"subjectType": "user",
"subjectId": "PIRJ7WE5T3QT9Z4TCLVH86DE@AdobeID"
},
{"roleId": "3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809",
"subjectType": "user",
"subjectId": "WHPWE00MC26SHZ7AKBFG403D@AdobeID"
}
]
],
"_page": {"limit": 1,
"count": 3
},
"_links": {"self": {"href": "https://platform.adobe.io:443/data/foundation/access-control/administration/roles/{ROLE_ID}/subjects",
"templated": true
},
"page": {"href": "https://platform.adobe.io:443/data/foundation/access-control/administration/roles/{ROLE_ID}/subjects?limit={limit}&start={start}&orderBy={orderBy}&property={property}",
"templated": true
}
}
}

Update subjects by role Id

Request

path Parameters

ROLE_ID

required

string

The ID of the role containing the subjects you want to update.

Example: 3dfa045d-de58-4dfd-8ea9-e4e2c1b6d809

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Request Body schema: application/json

Update the subjects associated with a given a role ID.

op required	string The operation call used to define the action needed to update the role. Operations include add, replace, and remove. Enum: "add" "replace" "remove"
path required	string The path of the parameter to be updated.
value required	string The new value you want to update your parameter with.

Responses

200

Successful operation

patch/administration/roles/{ROLE_ID}/subjects

Request samples

Payload

application/json

{"op": "add",
"path": "/user",
"value": "example@AdobeID"
}

Response samples

application/json

{"subjects": [[{"subjectId": "03Z07HFQCCUF3TUHAX274206@AdobeID",
"subjectType": "user"
}
]
],
"_page": {"limit": 1,
"count": 1
},
"_links": {"self": {"href": "https://platform.adobe.io:443/data/foundation/access-control/administration/roles/{ROLE_ID}/subjects",
"templated": true
},
"page": {"href": "https://platform.adobe.io:443/data/foundation/access-control/administration/roles/{ROLE_ID}/subjects?limit={limit}&start={start}&orderBy={orderBy}&property={property}",
"templated": true
}
}
}

Attribute Based Access Control Policies

Attribute based access control policies are statements that bring attributes together to establish permissible and impermissible actions. More information about using this set of endpoints can be found in the policies endpoint guide.

List all existing policies in your organization

Request

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Responses

200

Successful operation

get/administration/policies

Response samples

application/json

{"policies": [{"id": "7019068e-a3a0-48ce-b56b-008109470592",
"imsOrgId": "5555467B5D8013E50A494220@AdobeOrg",
"createdBy": "example@AdobeID",
"createdAt": 1652892767559,
"modifiedBy": "example@AdobeID",
"modifiedAt": 1652895736367,
"name": "schema-field",
"description": "schema-field",
"status": "inactive",
"subjectCondition": null,
"rules": [{"effect": "Deny",
"resource": "/orgs/5555467B5D8013E50A494220@AdobeOrg/sandboxes/xql/schemas/*/schema-fields/*",
"condition": "{\"adobe.match_all_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"core/\",{\"var\":\"resource.labels\"}]}",
"actions": ["com.adobe.action.read",
"com.adobe.action.write",
"com.adobe.action.view"
]
},
{"effect": "Permit",
"resource": "/orgs/5555467B5D8013E50A494220@AdobeOrg/sandboxes/*/schemas/*/schema-fields/*",
"condition": "{\"adobe.match_all_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"core/\",{\"var\":\"resource.labels\"}]}",
"actions": ["com.adobe.action.delete"
]
},
{"effect": "Deny",
"resource": "/orgs/5555467B5D8013E50A494220@AdobeOrg/sandboxes/delete-sandbox-adfengine-test-8/segments/*",
"condition": "{\"!\":[{\"adobe.match_any_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"custom/\",{\"var\":\"resource.labels\"}]}]}",
"actions": ["com.adobe.action.write"
]
}
],
"etag": "\"0300593f-0000-0200-0000-62852ff80000\""
}
]
}

Create a new policy

Request

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Request Body schema: application/json

The request body for creating a policy.

name	string The name of the policy.
description	string A descriptive value that you can include to provide more information on your policy.
imsOrgID	string The organization where the queried policy is accessible.
	object

Responses

200

Successful operation

post/administration/policies

Request samples

Payload

application/json

{"name": "acme-integration-policy",
"description": "Policy for ACME.",
"imsOrgID": "5555467B5D8013E50A494220@AdobeOrg",
"rules": {"effect": "Permit",
"resource": "/orgs/5555467B5D8013E50A494220@AdobeOrg/sandboxes/*",
"condition": "{\"or\":[{\"adobe.match_any_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"core/\",{\"var\":\"resource.labels\"}]},{\"!\":[{\"adobe.match_all_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"core/\",{\"var\":\"resource.labels\"}]}]}]}",
"actions": ["com.adobe.action.read"
]
}
}

Response samples

application/json

[{"id": "c3863937-5d40-448d-a7be-416e538f955e",
"imsOrgId": "5555467B5D8013E50A494220@AdobeOrg",
"createdBy": "example@AdobeID",
"createdAt": 1652988384458,
"modifiedBy": "example@AdobeID",
"modifiedAt": 1652988384458,
"name": "acme-integration-policy",
"description": "Policy for ACME.",
"status": "active",
"subjectCondition": null,
"rules": [{"effect": "Permit",
"resource": "/orgs/5555467B5D8013E50A494220@AdobeOrg/sandboxes/*",
"condition": "{\"or\":[{\"adobe.match_any_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"core/\",{\"var\":\"resource.labels\"}]},{\"!\":[{\"adobe.match_all_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"core/\",{\"var\":\"resource.labels\"}]}]}]}",
"actions": ["com.adobe.action.read"
]
}
],
"_etag": null
}
]

Retrieve a policy

Request

path Parameters

POLICY_ID

required

string

The ID of the policy you want to retrieve.

Example: 7019068e-a3a0-48ce-b56b-008109470592

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Responses

200

Successful operation

get/administration/policies/{POLICY_ID}

Response samples

application/json

{"policies": [{"id": "7019068e-a3a0-48ce-b56b-008109470592",
"imsOrgId": "5555467B5D8013E50A494220@AdobeOrg",
"createdBy": "example@AdobeID",
"createdAt": 1652892767559,
"modifiedBy": "example@AdobeID",
"modifiedAt": 1652895736367,
"name": "schema-field",
"description": "schema-field",
"status": "inactive",
"subjectCondition": null,
"rules": [{"effect": "Deny",
"resource": "/orgs/5555467B5D8013E50A494220@AdobeOrg/sandboxes/xql/schemas/*/schema-fields/*",
"condition": "{\"adobe.match_all_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"core/\",{\"var\":\"resource.labels\"}]}",
"actions": ["com.adobe.action.read",
"com.adobe.action.write",
"com.adobe.action.view"
]
},
{"effect": "Permit",
"resource": "/orgs/5555467B5D8013E50A494220@AdobeOrg/sandboxes/*/schemas/*/schema-fields/*",
"condition": "{\"adobe.match_all_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"core/\",{\"var\":\"resource.labels\"}]}",
"actions": ["com.adobe.action.delete"
]
},
{"effect": "Deny",
"resource": "/orgs/5555467B5D8013E50A494220@AdobeOrg/sandboxes/delete-sandbox-adfengine-test-8/segments/*",
"condition": "{\"!\":[{\"adobe.match_any_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"custom/\",{\"var\":\"resource.labels\"}]}]}",
"actions": ["com.adobe.action.write"
]
}
],
"etag": "\"0300593f-0000-0200-0000-62852ff80000\""
}
]
}

Update a policy by policy ID

Request

path Parameters

POLICY_ID

required

string

The ID of the role you want to update.

Example: 8cf487d7-3642-4243-a8ea-213d72f694b9

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Request Body schema: application/json

The request body for updating a policy using the policy ID.

id	string The ID that corresponds with the policy.
imsOrgID	string The organization where the queried policy is accessible.
name	string The name of the policy.
	object

Responses

200

Successful operation

put/administration/policies/{POLICY_ID}

Request samples

Payload

application/json

{"id": "8cf487d7-3642-4243-a8ea-213d72f694b9",
"imsOrgID": "5555467B5D8013E50A494220@AdobeOrg",
"name": "acme-integration-policy",
"rules": [{"effect": "Deny",
"resource": "/orgs/5555467B5D8013E50A494220@AdobeOrg/sandboxes/*",
"condition": "{\"or\":[{\"adobe.match_any_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"core/\",{\"var\":\"resource.labels\"}]},{\"!\":[{\"adobe.match_all_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"core/\",{\"var\":\"resource.labels\"}]}]}]}",
"actions": ["com.adobe.action.read"
]
}
]
}

Response samples

application/json

[{"id": "8cf487d7-3642-4243-a8ea-213d72f694b9",
"imsOrgId": "5555467B5D8013E50A494220@AdobeOrg",
"createdBy": "example@AdobeID",
"createdAt": 1652988866647,
"modifiedBy": "example@AdobeID",
"modifiedAt": 1652989297287,
"name": "acme-integration-policy",
"description": "Policy for ACME.",
"status": "active",
"subjectCondition": null,
"rules": [{"effect": "Deny",
"resource": "/orgs/5555467B5D8013E50A494220@AdobeOrg/sandboxes/*",
"condition": "{\"or\":[{\"adobe.match_any_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"core/\",{\"var\":\"resource.labels\"}]},{\"!\":[{\"adobe.match_all_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"core/\",{\"var\":\"resource.labels\"}]}]}]}",
"actions": ["com.adobe.action.read"
]
}
],
"_etag": null
}
]

Update policy properties

Request

path Parameters

POLICY_ID

required

string

The ID of the policy you want to update.

Example: 8cf487d7-3642-4243-a8ea-213d72f694b9

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Request Body schema: application/json

The request body for updating a policy.

op required	string The operation call used to define the action needed to update the policy. Operations include add, replace, and remove. Enum: "add" "replace" "remove"
path required	string The path of the parameter to be updated.
value required	string The new value you want to update your parameter with.

Responses

200

Successful operation

patch/administration/policies/{POLICY_ID}

Request samples

Payload

application/json

{"op": "replace",
"path": "/description",
"value": "Policy for ACME."
}

Response samples

application/json

[{"id": "8cf487d7-3642-4243-a8ea-213d72f694b9",
"imsOrgId": "5555467B5D8013E50A494220@AdobeOrg",
"createdBy": "example@AdobeID",
"createdAt": 1652988866647,
"modifiedBy": "example@AdobeID",
"modifiedAt": 1652989297287,
"name": "acme-integration-policy",
"description": "Policy for ACME.",
"status": "active",
"subjectCondition": null,
"rules": [{"effect": "Deny",
"resource": "/orgs/5555467B5D8013E50A494220@AdobeOrg/sandboxes/*",
"condition": "{\"or\":[{\"adobe.match_any_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"core/\",{\"var\":\"resource.labels\"}]},{\"!\":[{\"adobe.match_all_labels_by_prefix\":[{\"var\":\"subject.roles.labels\"},\"core/\",{\"var\":\"resource.labels\"}]}]}]}",
"actions": ["com.adobe.action.read"
]
}
],
"_etag": null
}
]

Delete a policy

Request

path Parameters

POLICY_ID

required

string

The ID of the policy you want to delete.

Example: 8cf487d7-3642-4243-a8ea-213d72f694b9

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Responses

204

A successful response returns HTTP status 204 (No Content) and a blank body.

delete/administration/policies/{POLICY_ID}

Response samples

application/json

{ }

Attribute Based Access Control Products

Attribute based access control products endpoints allow you to manage products as well as permission categories and permission sets associated with products in your organization. More information about using this set of endpoints can be found in the products endpoint guide.

List all entitled products

Request

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Responses

200

Successful operation

get/administration/products

Response samples

application/json

{"products": [{"id": 4525859963018,
"name": "Adobe Experience Platform",
"serviceCode": "{SERVICE_CODE}"
}
]
}

Retrieve permission categories

Request

path Parameters

PRODUCT_ID

required

string

The ID of the product you want to retrieve.

Example: 4525859963018

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Responses

200

Successful operation

get/administration/products/{PRODUCT_ID}/categories

Response samples

application/json

{"categories": [{"name": "Profile Management"
},
{"name": "Data Ingestion"
},
{"name": "Sandbox Administration"
},
{"name": "Query Service"
},
{"name": "Data Management"
},
{"name": "Identity Management"
},
{"name": "Data Modeling"
},
{"name": "Data Science Workspace"
},
{"name": "Dashboards"
},
{"name": "Alerts"
},
{"name": "Data Governance"
}
]
}

Retrieve permission sets

Request

path Parameters

PRODUCT_ID

required

string

The ID of the product you want to retrieve.

Example: 4525859963018

header Parameters

Authorization required	string The access token which can be copied from your Experience Platform integration, prefixed with "Bearer ". For more information on how to obtain this value, visit the authentication tutorial. If a user token is being passed, then the user of the token must have an “org admin” role for the requested org.
x-api-key required	string The API key which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.
x-gw-ims-org-id required	string The Organization ID which can be copied from your Experience Platform integration. For more information on how to obtain this value, visit the authentication tutorial.

Responses

200

Successful operation

get/administration/products/{PRODUCT_ID}/permission-sets

Response samples

application/json

{"permission-sets": [{"id": "manage-schemas",
"name": "Manage Schemas",
"category": "Data Modeling",
"permissions": {"example": [{"resource": "schemas",
"actions": ["read",
"write",
"delete"
]
},
{"resource": "schema-fields",
"actions": ["read",
"write",
"delete"
]
},
{"resource": "sandboxes",
"actions": ["view"
]
}
]
}
},
{"id": "view-schemas",
"name": "View Schemas",
"category": "Data Modeling",
"permissions": {"example": [{"resource": "schemas",
"actions": ["read"
]
},
{"resource": "schema-fields",
"actions": ["read"
]
},
{"resource": "sandboxes",
"actions": ["view"
]
}
]
}
}
]
}

Get credentials

Access Control API (1.0)

(NEW) Interactive API documentation

Access Control Policies

List all available permission names and resource types

header Parameters

List all effective policies

header Parameters

Request Body schema: */*required

Attribute Based Access Control Roles

List all existing roles

header Parameters

Create a new role

header Parameters

Request Body schema: application/json

Retrieve a role

path Parameters

header Parameters

Update role properties

path Parameters

header Parameters

Request Body schema: application/json

Update a role by role ID

path Parameters

header Parameters

Request Body schema: application/json

Delete a role

path Parameters

header Parameters

Retrieve subjects

path Parameters

header Parameters

Update subjects by role Id

path Parameters

header Parameters

Request Body schema: application/json

Attribute Based Access Control Policies

List all existing policies in your organization

header Parameters

Create a new policy

header Parameters

Request Body schema: application/json

Retrieve a policy

path Parameters

header Parameters

Update a policy by policy ID

path Parameters

header Parameters

Request Body schema: application/json

Update policy properties

path Parameters

header Parameters

Request Body schema: application/json

Delete a policy

path Parameters

header Parameters

Attribute Based Access Control Products

List all entitled products

header Parameters

Retrieve permission categories

path Parameters

header Parameters

Retrieve permission sets

path Parameters

header Parameters

Request Body schema: /
required