Authentication and configuration
Every Launch request made through ReactorSDK depends on one thing going right first: Adobe OAuth server-to-server authentication. This page explains which credentials the SDK expects, how token refresh works internally, and which client options are available when you instantiate ReactorSDK::Client.
Adobe credential setup
Create or open an Adobe Developer Console project, add the Adobe Launch API service, and choose OAuth server-to-server as the credential type. The SDK needs three values from that project:
| Attribute | Data type | Description |
|---|---|---|
| client_id | StringRequired | The Adobe Developer Console client ID for the project. |
| client_secret | StringRequired | The Adobe Developer Console client secret for the project. |
| org_id | StringRequired | The IMS organization identifier, usually ending in |
ReactorSDK does not support Adobe's deprecated JWT service account flow. The implementation uses OAuth server-to-server only.
Token lifecycle
The SDK uses Adobe IMS client_credentials token exchange behind the scenes. Tokens are fetched lazily on the first API call, stored in memory, and refreshed automatically before they expire.
Built-in behavior
- Default IMS token URL:
https://ims-na1.adobelogin.com/ims/token/v3 - Token refresh buffer:
300seconds before actual expiry - OAuth scope string includes
openid,AdobeID,read_organizations, andadditional_info.projectedProductContext - Token fetch is synchronized with a mutex so threaded runtimes do not duplicate refresh requests
Lazy token fetch
# Create the client with Adobe credentials only.
client = ReactorSDK::Client.new(
# Client ID from Adobe Developer Console.
client_id: ENV.fetch("ADOBE_CLIENT_ID"),
# Client secret from Adobe Developer Console.
client_secret: ENV.fetch("ADOBE_CLIENT_SECRET"),
# IMS organization ID for the Adobe org.
org_id: ENV.fetch("ADOBE_IMS_ORG_ID")
)
# The first API request triggers token exchange automatically.
client.companies.list
You never need to call Adobe IMS directly in normal application code.
Client options
All runtime configuration flows through ReactorSDK::Client.new.
| Option | Required | Default | Purpose |
|---|---|---|---|
client_id | Yes | None | Adobe Developer Console client ID |
client_secret | Yes | None | Adobe Developer Console client secret |
org_id | Yes | None | IMS organization ID |
base_url | No | https://reactor.adobe.io | Override Reactor base URL, mainly useful in tests |
ims_token_url | No | Adobe IMS token URL | Override token URL for tests or stubs |
timeout | No | 30 | HTTP timeout in seconds |
logger | No | nil | Optional request logging |
auto_refresh_token | No | true | Stored on configuration for refresh behavior |
Configured client example
# Optional configuration such as timeout and logging is supplied here too.
client = ReactorSDK::Client.new(
# Required Adobe client ID.
client_id: ENV.fetch("ADOBE_CLIENT_ID"),
# Required Adobe client secret.
client_secret: ENV.fetch("ADOBE_CLIENT_SECRET"),
# Required IMS organization ID.
org_id: ENV.fetch("ADOBE_IMS_ORG_ID"),
# Per-request timeout in seconds.
timeout: 30,
# Standard Ruby logger for request visibility during development or debugging.
logger: Logger.new($stdout),
# Keep automatic token refresh enabled.
auto_refresh_token: true
)
Failure modes
When authentication or configuration is wrong, ReactorSDK fails in explicit, typed ways.
- Blank
client_id,client_secret, ororg_idraisesReactorSDK::ConfigurationError. - Bad Adobe credentials during token exchange raise
ReactorSDK::AuthenticationError. - Valid tokens without access to Launch resources raise
ReactorSDK::AuthorizationError. - Valid auth combined with missing Launch resources raises
ReactorSDK::ResourceNotFoundErrorlater, at the resource request boundary.