Acquia CDP

API Authentication Process

This page provides information about the API authentication process for the following scenario:

Data engineers want to understand the complexities of the CDP REST API to create efficient integrations within the business architecture through self-service integration tools. They also want to develop and execute data integration tasks to enhance autonomy and reduce dependency on specialized technical knowledge.

The following are the ways to achieve this scenario:

Creating a user role through the self-service UI

Before you start creating a user role, you must get access to the Instances user interface by contacting your CDP administrator.

To create a user role:

  1. Sign in to the CDP user interface.
  2. Click Integrations > Instances.
  3. Click Add Instance.

    The system displays the Create Instance page.

  4. In Name, enter the name for your instance.
  5. In Instance Type, select one of the following:
    • DW Tracker to push upstream payloads from a source system to CDP.
    • 360 Profiles to pull downstream payloads from CDP to a source system.

  6. Click Save.

    The system creates the instance and auto-populates values in the following fields:

    • API Host URL
    • Authentication Host URL
    • UserName
    • Password
  7. Take a backup of these credentials at a secure location as you cannot view them in the system again.

    These credentials are used when creating a user role through Postman.

Creating a user role through Postman

Complete the following tasks to create a user role through Postman for the given scenario:

Setting up Postman

  1. Download and open Postman.
  2. Click Create Collection.

  3. Click the Ellipsis icon, click Rename, and then rename the folder collection to CDP Authentication

    Postman displays the CDP Authentication collection.

Setting up the Authentication request

  1. In the CDP Authentication collection, click Add a request.

  2. Click the Ellipsis icon, click Rename, and then rename the request to Step 1 - Authenticate with Username and Password (One Time).
  3. Change the request to POST.

  4. In Enter URL or paste text, enter the credentials that you generated while creating a user role through self-service UI.

    Ensure the URL matches your cloud region and tenant type as saved earlier.

    For example, https://auth.agilone.com/authentication?action=login.
    The following are the URL parameters:
    Cloud RegionURL EndpointParameter Description
    AWSauth.agilone.com
    • /authentication indicates the path that directs the request to the authentication service on the server.

    • ? indicates the beginning of the query string, which contains the parameters.

    • action=login indicates the parameter that specifies the action. It informs the server that the intention of the request is to initiate a login process.

    Postman auto-populates the value on the Params tab.

  5. Click the Authorization tab and select the Type as Basic Auth
  6. Enter the username and password.
    Postman recommends that you save all sensitive information into variables. For more information, see Store and reuse values using variables.

    If you cannot set up variables, delete the sensitive information and re-enter the credentials each time you need, so that you can conduct tests to avoid security risks.

  7. Click the Headers tab.

  8. Add Key as Content-Type and Value as application/json.

  9. Click Save and click Send.

    For successful requests, Postman displays Status: 200 OK and access_token.

    You can initiate the user authentication step only after creating a token. You can use the token until it expires. You must not resend the request for continued testing with the generated token.

Setting up the Token Retrieve request

When you use the REST API Authentication mechanism, you perform the request daily to retrieve the token until it expires. 

To retrieve a token:

  1. Click the Ellipsis icon and click Duplicate to make a copy of the Step 1 - Authenticate with Username and Password (One Time) authentication request.

  2. Click the Ellipsis icon, click Rename, and rename the copy of the authentication request to Step 2 - Request Access Token (Daily).
  3. Change the request to GET.

  4. Enter the Authentication mechanism endpoint URL as https://auth.agilone.com/token?scheme=a1user.

    The following are the URL parameters:

    Cloud RegionURL EndpointParameter Description
    AWSauth.agilone.com
    • /token indicates the path that directs the request to a service or resource on the server that deals with token generation or management.

    • ? indicates the beginning of the query string, which contains the parameters.

    • scheme=a1user  indicates a parameter that specifies the authentication or authorization scheme. It tells the server that the request is created under the a1user scheme, possibly affecting how the token is generated or what permissions are associated with it. 

    Postman auto-populates the value on the Params tab.

  5. Click the Authorization tab and ensure that the Type is Basic Auth.
  6. Perform Steps 6 to 8 from Setting up the Authentication request.
  7. Click Save and click Send.

    For successful requests, Postman displays Status: 200 OK and access_token.

    Ensure to check the expiration date of the token on a regular cadence through GET request calls. The expires_in field in the response body indicates the lifespan of the token. By default, tokens last 90 days in Customer Sandbox (CS) and 180 days in UAT and Production (PROD) environments.

The response body consists of the following parameters:

ParameterDescription
access_tokenA unique string that serves as a token for accessing protected resources. In this case, "f265e508-c599-44e3-ab60-60a040a9154a" is the token that the API returns. You must include this token in the header of subsequent requests to access authorized resources.
token_typeThe type of token that is issued by the server. In this example, the token type is "bearer", which means that the bearer of this token has the authorization to access the resources. Bearer tokens are a common method used in OAuth 2.0 for accessing resources.
expires_inThe lifetime of the access token in seconds. Once this time elapses, the token expires and no longer grants access. In this case, 15600000 seconds means the token has a significant duration before expiration. 
tenantIdThe identifier for the tenant or account that you want to access.
usernameThe username of the user. In this case, the username is "tracker_XXXXXX".
userTypeThe role or type of the user within the system. "CLIENT" indicates that the user has client-level access.
passwordExpiryDateThe expiry date of the user's password, necessitating a password change. Postman displays it in ISO 8601 format. For example,  "2025-01-06T00:00:00" indicates that the expiry date is January 6, 2025.

Setting up the Token Extend request

If a token is about to expire, you can extend it for the next 180 days. Acquia recommends you to recycle the token by generating a new token. For more information, see Setting up the Token Create request. You may use the token for up to 1 year or longer as per your company's policies. 

To extend the token:

  1. Click the Ellipsis icon and click Duplicate to make a copy of the Step 2 - Request Access Token (Daily) authentication request. 
  2. Click the Ellipsis icon, click Rename, and rename the copy of the authentication request to Extend - Current Token.
  3. Change the request to POST.

  4. Enter the Authentication mechanism endpoint URL as https://auth.agilone.com/token?scheme=a1user&action=extend.

    The following are the URL parameters: 

    CloudURL EndpointDescription
    AWSauth.agilone.com
    • /token indicates the path that directs the request to a service or resource on the server that deals with token generation or management.

    • ? indicates the beginning of the query string, which contains the parameters.

    • scheme=a1user indicates a parameter that specifies the authentication or authorization scheme. It tells the server that the request is created under the a1user scheme, possibly affecting how the token is generated or what permissions are associated with it. 

    • & indicates that you can add multiple key-value pairs to the query string.

    • action=extend indicates an action request to the server to extend the validity of the current token. This means the request is asking the server to prolong the lifespan of an existing token under the specified scheme a1user.

    Postman auto-populates the value on the Params tab.

  5. Click the Authorization tab and select the Type as Bearer Token.

  6. Add the token that you want to extend.
  7. Perform Steps 7 and 8 from Setting up the Authentication request.

    For successful requests, Postman displays Status: 200 OK and access_token.

    Before Extend request:

    After Extend request:

Setting up the Token Create request

Use this procedure only if the existing token is about to expire.

To create a token:

  1. Click the Ellipsis icon and click Duplicate to make a copy of the Step 3 - Request Access Token (Daily) authentication request. 
  2. Click the Ellipsis icon, click Rename, and rename the copy of the authentication request to Create - Token.
  3. Change the request to POST.
  4. Enter the Authentication mechanism endpoint URL as https://auth.agilone.com/token?scheme=a1user&action=create.

    The following are the URL parameters:

    CloudURL EndpointDescription
    AWSauth.agilone.com
    • /token indicates the path that directs the request to a service or resource on the server that deals with token generation or management.

    • ? indicates the beginning of the query string, which contains the parameters.

    • scheme=a1user indicates a parameter that specifies the authentication or authorization scheme. It tells the server that the request is created under the a1user scheme, possibly affecting how the token is generated or what permissions are associated with it.

    • & indicates that you can add multiple key-value pairs to the query string.

    • action=create indicates an action request to the server to create a token. 

    Postman auto-populates the value on the Params tab.

  5. Click the Authorization tab and select the Type as Basic Auth.
  6. Add the token that you want to extend.
  7. Perform Steps 7 and 8 from Setting up the Authentication request.

    For successful requests, Postman displays Status: 200 OK and access_token.

Setting up the Token Delete request

To delete a token:

  1. Click the Ellipsis icon and click Duplicate to make a copy of the Extend - Current Token authentication request. 
  2. Click the Ellipsis icon, click Rename, and rename the copy of the authentication request to Revoke - A Token.
  3. Change the request to DELETE.

  4. Enter the Authentication mechanism endpoint URL as https://auth.agilone.com/token?scheme=a1user.

    For more information, see the URL Parameter table in Setting up the Token Retrieve request

  5. Click the Authorization tab and ensure that the Type is Bearer Token.
  6. Enter the token that you want to delete.
  7. Perform Steps 7 and 8 from Setting up the Authentication request.

    Postman deletes the token.

Setting up the All Token Delete request

To delete all tokens:

  1. Click the Ellipsis icon and click Duplicate to make a copy of the Revoke - A Token authentication request.
  2. Click the Ellipsis icon, click Rename, and rename the copy of the authentication request to Revoke All Access Tokens.
  3. Change the request to DELETE.

  4. Enter the Authentication mechanism endpoint URL as https://auth.agilone.com/token?scheme=a1user.

    For more information, see the URL Parameter table in Setting up the Token Retrieve request

  5. Click the Authorization tab and select the Type as Basic Auth.

  6. Enter the username and password.

  7. Perform Steps 6 to 8 from Setting up the Authentication request.

    Postman deletes all the tokens.

Summary

You can use the REST API authentication mechanism to construct upstream and downstream data payload samples for each user role:

  • Integration Users: Create near real-time, event-based, or batch delta integrations.

  • Webtag Service Users: Create near real-time front-end for your website using the tracking pixel integration.

  • 360 Profile Users: Retrieve the post processed records that are cleansed, aggregated, and deduped to form unified customer records.

CDP provides the following resources:

  • A prebuilt library for advanced developers

  • Import the Postman guide library, which requires the following files:

    • The Product API Guide: Contains all clouds, environments, user roles, requests, and both upstream and downstream scenarios.

    • Environments Globals: Contains all prebuilt dynamic variables, enabling you to test across various clouds, environments, and user roles without the need to duplicate folders or requests.