API Overview
API Overview
User Management Tasks
To manage Adobe users in your organization, your applications can use the User Management API to create, update, and delete user accounts of different identity types. For a complete discussion of the different account types, see Identity Types.
You can use the API to perform a variety of user-management tasks:
- Update user information associated with an Enterprise ID or Federated ID account that is managed by your organization. Adobe ID accounts are managed by the user and by Adobe.
- Remove accounts of any type from your organization. For Enterprise IDs, you can also delete the accounts.
- Query your Adobe users.
- Manage membership in user groups and product profiles. These memberships control user access to Adobe products.
- Manage administrative rights for users within user groups and product profiles.
This page provides an introduction to the endpoints and techniques you use to perform these tasks. For complete syntax details, see the UM API Reference.
Calling into the UM API
Before you can make calls into the User Management API, you must obtain proper credentials. See Authentication for API Access. You use your access credentials to authorize all calls into the UM API.
Address all user-management requests to the UM API server:
https://usermanagement.adobe.io/v2/usermanagement/...
For a Python code walkthrough and samples of actual API calls that demonstrate most user management tasks, see the User Management Walkthrough.
Introduction to User Management APIs
- Manage your Adobe Users
When you have obtained access, you can use the API to request changes to your Adobe user accounts.
- Query Users
You can retrieve information about users in your organization. - Manage User Groups
You can now create, delete, and update user groups programmatically, as well as through the Admin Console.
- Query Users
-
Manage Products Access and Admin Rights
Product access is controlled by memberships in user groups and product profiles. You can use the API to query and update memberships, and control user roles within the groups. - Throttling and Error Handling
Throttling enables you to handle errors that result from data-access limitations.
Manage your Adobe Users
The API defines a set of specific write actions that you use to create, update, and delete user accounts, and manage Adobe product access for users. To make most user-management requests, send an HTTPS POST request to the user-management Action API:
https://usermanagement.adobe.io/v2/usermanagement/action/{orgId}
- Replace {orgId} with your organization’s unique ID, which looks like this: “12345@AdobeOrg”.
You specify actions for specific users in the JSON body of a POST request to the action
endpoint for your organization. The JSON structure specifies a set of commands. Each command names a user or user group, and specifies one or more action steps to take for that user or group. A single request can include commands for multiple users or groups. An optional test mode allows you to check a set of commands for validity without making any actual changes in your user data.
You can also use this POST request to manage administrative rights for users in user groups and product profiles.
- For detailed syntax of action requests, see User Management Action Requests.
- For detailed syntax of the JSON commands structure and a full description of user account operations, see User Management Action Commands.
- For a full description of user group operations, see User Group Management Action Commands.
Adding Users with Adobe ID Identity Type
You can add users with any of the three identity types: Enterprise ID, Federated ID, or Adobe ID. See a full discussion at Identity Types.
When you create a new user of the Adobe ID type, the user is identified by email address. The Adobe ID can already exist or be created. The new user is immediately added to your organization, and sent an email that gives them the option to be removed from the organization, or to update their user profile.
Query Users
You can retrieve paged lists of all users for the organization, and examine information for an individual user through the unique user ID. See User Access APIs.
Manage User Groups
You can create new user groups programmatically, update the names and descriptions of existing user groups, and delete user groups, through the Action API.
Manage Product Access and Admin Rights
Users are provisioned for access to Adobe products through their membership in user groups and product profiles. A user group is a collection of users who share a set of permissions. Both individual users and user groups can be added to product profiles to give them access to a set of products.
You cannot create product profiles through the API. You must create them in the Admin Console. You can then use the User Management API to manage product access for users by adding and removing users to and from your existing user groups and product profiles.
Manage memberships and roles
- To manage user group membership and assign administrative rights in user groups, use the
usergroup
root command in a POST request to the Action API for your organization. For details, see User Group Management Actions.https://usermanagement.adobe.io/v2/usermanagement/action/{orgId}
- To manage product profile membership and administrative rights, use the
user
root command in a POST request to the Action API for your organization. Use the Product Information APIs to find groups and product profiles for your organization.https://usermanagement.adobe.io/v2/usermanagement/groups/{orgId}/{page}
Throttling and Error Handling
To protect the availability of the Adobe back-end user identity systems, the User Management API imposes limits on client access to the data. Limits apply to the number of calls that an individual client can make within a time interval, and global limits apply to access by all clients within the time period.
Please refer to the Throttling section of each API to determine its limitations. When the access limit is reached, further calls fail with 429 Too Many Requests.
If you are leveraging the User Sync Tool, our recommendation is to run the tool no more than once every 2 hours. Further information on scheduling recommendations can be found in the User Sync Tool Deployment Best Practices section.