Authentication

To access the Preview and Delivery APIs, you need an API key. Before you create an API key for the first time, you must:

  1. Enable content publishing.

  2. Publish your schema.

  3. Wait for background processes to finish.

Note

An authentication key is static and does not expire, but can be revoked.

When creating an API key, you can give it a scope to limit which content a user can access.

Scope

Description

Audience

This determines which API the key grants access to. Use audience-preview to access the Preview API, or audience-delivery to access the Delivery API.

Content

This provides top-level query access to the entity identified by the ID in the scope parameter, which is everything following the content- prefix. For example, accessing a content collection with the ID fruitful requires the scope content-#fruitful#. The content-#everything# scope allows access to all content.

Important

When you generate an API key, you should define at least one audience scope and one content scope.

You can create an API key using the Token API or from Sitecore Content Hub. In Content Hub, you can create an API key from the:

  • Manage page. API keys created from the Manage page have a content-#everything# scope.

  • Content collection details page. API keys created from a content collection details page have a content- scope limited to that content collection.

Do you have some feedback for us?

If you have suggestions for improving this article,