Managing SitecoreAI client credentials

If you want your application to access SitecoreAI APIs, you must issue client credentials for your app.

SitecoreAI uses the Client Credentials Flow to authenticate and authorize continuous integration (CI) and continuous deployment (CD) pipelines, custom tools, integrations, and other back-end services.

When you create credentials, the Deploy app creates a client ID and a client secret for your app. The client ID and client secret are essentially equivalent to a username and password.

You can use the credentials to request a JSON Web Token for your CM instance, request a JWT for Experience Edge XM, or to grant the Design studio access to the component code of an external editing host.

From the Deploy app, you can create and manage the client credentials of your organization and its environments.

How it works:

Create credentials for your app.
Use the credentials (client ID + client secret) to authenticate your app with the Auth0 Authorization Server https://auth.sitecorecloud.io/oauth/token and receive an access token.
When you call the API, pass the access token as a Bearer token in the Authorization header of your HTTP request.

You can create the following types of credentials:

Client credentials type	Description	Available APIs
Organization automation client	Grants access to the Deploy API and the CM instance APIs of all environments in an organization.	Deploy API Sitecore Authoring and Management GraphQL API
Environment automation client	Grants access to the APIs of a specific environment.	Sitecore Authoring and Management GraphQL API Edge Platform Admin API
Edge administration client	Grants access to the Experience Edge APIs of a specific environment.	Experience Edge APIs
External editing host client	Grants the Design studio access to the component code of an external editing host.	N/A

You can also revoke a client.

Do you have some feedback for us?

If you have suggestions for improving this article,