Request a JWT for Experience Edge XM using OAuth

Abstract

Create the access token that you need to call the protected APIs.

Sitecore Experience Edge for XM uses the OAuth authorization framework for security. OAuth allows one program to authorize another program to make changes on behalf of an account holder or end-user.

To execute any operation in any of Experience Edge's protected APIs other than the Delivery API, the calling system must first obtain an authentication token in JSON Web Token (JWT) format and include it in every call it makes to Edge. After successful authentication, the calling application receives an access token, which it can use to call the protected APIs.

To request a token:

  1. Request an access token for the Experience Edge APIs by using a POST request.

    For example, request the JWT using the curl client:

    curl --request POST --url "https://one-sc-production.eu.auth0.com/oauth/token" --header "content-type: application/x-www-form-urlencoded" --data "grant_type=client_credentials" --data "client_id=<clientid>" --data "client_secret=<clientsecret>" --data "audience=https://delivery.sitecore.cloud/<tenant-id>"

    Parameters:

    | Parameter     | Description |
    |---------------|-------------|
    | grant_type    | Set this to client_credentials. |
    | client_id     | The client ID for your tenant as provided by Sitecore. |
    | client_secret | The client secret for your tenant as provided by Sitecore. |
    | audience      | The audience for your tenant as provided by Sitecore. It will be in the form https://delivery.sitecore.cloud/tenant-id with tenant-id replaced by your tenant ID. |

  2. You will receive the access_token, token_type, and expires_in values. Now you can pass the retrieved access token as a Bearer token in the Authorization header of your HTTP request.

    Important

    Pay attention to the expires_in property of the response because JWTs typically expire in 24 hours. After that time, the token is invalid and you must request a new token.
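
The two steps above as an added Python example (not Sitecore's code): it sends the same form fields as the curl request, then reuses the JWT until shortly before expires_in elapses instead of requesting one per call. The names fetch_token and EdgeTokenCache, the 60-second refresh margin, and the sample response are assumptions made for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://one-sc-production.eu.auth0.com/oauth/token"  # from the page


def fetch_token(client_id, client_secret, audience):
    """POST the client-credentials form; return the parsed JSON response."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": audience,
    }).encode()
    req = urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"content-type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class EdgeTokenCache:
    """Reuses the JWT and requests a new one shortly before expires_in elapses."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._deadline = None, 0.0

    def auth_header(self):
        if self._token is None or self._clock() >= self._deadline:
            resp = self._fetch()
            if str(resp.get("token_type", "")).lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            self._token = resp["access_token"]
            self._deadline = self._clock() + int(resp["expires_in"]) - self._skew
        return {"Authorization": f"Bearer {self._token}"}


if __name__ == "__main__":
    # Constructed response so the demo runs offline. In real use pass
    # lambda: fetch_token(client_id, client_secret, audience), with the secret
    # read from a secret store or environment variable, never from source.
    sample = {"access_token": "constructed.jwt.value", "token_type": "Bearer",
              "expires_in": 86400}
    cache = EdgeTokenCache(lambda: sample)
    print(cache.auth_header())
```

Share one cache instance per process so that every outgoing call takes its Authorization header from auth_header(), and keep the token and client secret out of logs.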