Authentication

Learn how to authenticate requests to Workfront Fusion APIs

Overview

Every request made to Workfront Fusion APIs must include an encrypted access token. Your secure, server-side application retrieves an access token by making a request to the Adobe Identity Management System (IMS) with your Client ID and Client Secret.

Prerequisites

This tutorial assumes you have worked with your Adobe Representative and have the following:

Retrieve an access token

First, open a secure terminal and export your Client ID and Client Secret as environment variables so that your later commands can access them:

export FUSION_CLIENT_ID=<your_client_id>
export FUSION_CLIENT_SECRET=<your_client_secret>

Next, run the following command to generate an access token:

curl --location 'https://ims-na1.adobelogin.com/ims/token/v3' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode "client_id=$FUSION_CLIENT_ID" \
--data-urlencode "client_secret=$FUSION_CLIENT_SECRET" \
--data-urlencode 'scope=openid,AdobeID,profile,additional_info.projectedProductContext'

The response will look like this:

{"access_token":"yourExampleToken","token_type":"bearer","expires_in":86399}

Notice how the response includes an expires_in field, which informs you of how many more seconds the access token is valid for. Each access token is valid for 24 hours, after which your secure server-side application will need to request a new token. A best practice is to securely store the token and refresh it before it expires.

Export your access token as an environment variable:

export FUSION_ACCESS_TOKEN=yourExampleToken

Ready to put your API authentication to use? Continue to the API Reference to explore available endpoints.