API platform
The API platform is an add-on available to Sitecore Connect customers. It simplifies the creation, exposure, and management of APIs derived from Sitecore Connect recipes. The API platform addresses key limitations of webhooks, such as lack of authentication, lower rate limits, absence of queuing strategies, and inability to deliver customized responses. With the API platform, you gain a robust, scalable, and secure solution designed for business-critical, high-volume integrations.
Key capabilities
- Recipe-driven API creation - easily transform recipes into APIs by exposing automations and workflows as API endpoints. This enables organizations to integrate applications and share integration logic with other systems through APIs.
- Low-code API development - enable non-developers to create and manage APIs through a low-code interface. Users can configure API request and response logic using intuitive recipe-building tools in Sitecore Connect.
- API management - manage APIs effectively with features such as:
  - Versioning - maintain multiple API versions to ensure backward compatibility.
  - Rate limiting - control API call frequency to prevent system overload.
  - Authentication and security - secure APIs using OAuth2, API keys, and other security protocols.
  - Analytics and monitoring - track API usage, monitor performance, and gain insights into API consumers.
Use cases and security benefits
The API platform offers features for building, managing, and consuming APIs securely. The following are key use cases across different Sitecore products and their associated security benefits:
- Streamlining API governance
  Centralize management to enforce security policies and monitor activity across multiple APIs, ensuring consistent compliance.
  Examples:
  - XM Cloud - securely integrate with third-party CRMs or marketing platforms like Salesforce and Marketo using the API platform.
  - CDP - use the API platform as middleware to control and monitor access to customer profiles, behavioral data, and existing APIs within Sitecore CDP.
  - Content Hub - group API endpoints for managing and creating content and building recipes for data transformations. Use the API platform to oversee and monitor the performance of these API requests.
- Enabling secure user authentication
  Apply protocols such as OAuth2, API key-based access, and SSO to maintain secure access to sensitive APIs.
  Examples:
  - Send - restrict access to email marketing data to authorized users and systems, protecting sensitive customer information and maintaining integrity during integrations.
  - XM Cloud - generate authentication tokens in the API platform to enable authorized users or systems to securely access and process customer data.
- Defending against malicious attacks
  Implement rate limits, throttling, and real-time monitoring to prevent denial-of-service attacks and detect anomalies during high-traffic events.
  Example:
  - Search - enforce rate-limiting policies in the API platform to prevent excessive requests to Sitecore Search APIs.
- Facilitating secure data transfers
  Encrypt data exchanges between APIs and external systems to protect personally identifiable information (PII) and comply with GDPR, HIPAA, and other standards.
  Examples:
  - XM Cloud - transfer lead data from XM Cloud Forms to external systems in adherence to data privacy and regulatory standards.
  - CDP - securely expose APIs to external partners for uploading customer data while maintaining data privacy.
API platform overview
The API platform in Sitecore Connect helps manage and optimize APIs within your integrations. To access the API platform, in the navigation menu, click Tools > API Platform. The API platform is organized into seven key tabs for API management and monitoring.
Dashboard
The Dashboard tab provides a real-time view of API activity, with a summary of all API requests and client activities. It allows you to monitor performance and identify areas for optimization. The interface displays key API metrics in an intuitive layout.
API collections
The API collections tab displays all collections within a workspace. An API collection groups related endpoints with a common access pattern, simplifying management.
You can create two types of API collections in Sitecore Connect:
- API recipe collection - use this to expose your Sitecore Connect recipes as endpoints.
- API proxy collection - use this to create secure proxies for existing API endpoints within an HTTP connection.
Policies
The Policies tab lets you manage access policies for APIs, ensuring fair usage and preventing overuse by individual clients. On this tab, you can:
- Set rate limits - define the number of requests allowed per second, minute, or hour.
- Establish usage quotas - specify daily, monthly, or yearly limits for API consumption.
These policies ensure scalability and fair usage across clients.
Clients
The Clients tab lets you manage access to your APIs. Use this tab to:
- Define teams or individual clients - organize access by teams or individual users.
- Assign access profiles - grant specific permissions to API collections or endpoints.
- Configure authentication - secure access with API Keys, OAuth2.0, JWT, or OpenID Connect.
- Apply policies - enforce rate limits and usage quotas to ensure fair and controlled access.
Logs
The Logs tab provides detailed records of API activity to help you troubleshoot and resolve issues efficiently. Logs include request and response details, IP addresses, response times, status codes, and step-by-step logs for recipe execution.
Library
The Library tab offers a centralized catalog of API collections for sharing within your organization. This catalog includes documentation, usage examples, and tools for adopting and integrating APIs.
Using the Library tab promotes collaboration and ensures consistency in API usage across teams.
Settings
The Settings tab lets you customize and manage platform configurations, including:
- API path prefix - define a custom prefix for your API endpoints.
- Custom domain - add a unique domain for your APIs.
- Sharing options - share your API collections or endpoints publicly.
- Concurrency settings - configure how the platform handles high traffic by queuing or rejecting requests.