1. Sitecore Stream

Generate a JSON Web Token (JWT)

To use the Stream REST APIs for creating a brand kit, uploading documents, and starting brand ingestion, you must authorize your requests using the OAuth 2.0 standard with a JSON web token (JWT). This process involves two main steps: first, creating a Client ID and Client secret in Stream, and then using these credentials to request an access token.

Create a Client ID and Client Secret

Before you can request an access token, you'll need to generate a Stream Client ID and Client Secret in the Sitecore Cloud Portal.

To create a Client ID and Client Secret:

  1. Log in to the Sitecore Cloud Portal.

  2. Open the Stream app.

  3. In the navigation menu, click Admin.

  4. On the Brand Kit keys page, click Create credential to set up a new client.

    Click Create credential to create a new client.

  5. In the Create New Client dialog:

    • In the Label field, enter a name for the client.

    • Optionally, in the Description field, enter a client description.

  6. Click Create. The Client ID and Client Secret fields will be populated.

  7. Copy and save the generated values for Client ID and Client Secret, then click Done.

    Warning

    The Client Secret is displayed only once and cannot be retrieved later. If lost, you must generate a new authentication client.

Request an access token

After generating your Client ID and Client Secret, you can use them to request an access token, which authorizes your API requests.

To request an access token:

  1. Run the following cURL command to request an access token. Replace the placeholder values with your Client ID and Client Secret.

      curl -X POST 'https://auth.sitecorecloud.io/oauth/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'client_id={YOUR_API_KEY}' \
  --data-urlencode 'client_secret={YOUR_API_SECRET}' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'audience=https://api.sitecorecloud.io'

  2. In the response, the access_token key contains the JWT token:

      {
    "access_token": "{YOUR_ACCESS_TOKEN}",
    "scope": "ai.org.brd:w ai.org.brd:r ai.org.docs:w ai.org.docs:r ai.org:adminai.org.brd:w ai.org.docs:w ai.org:admin",
    "expires_in": 86400,
    "token_type": "Bearer"
  }

    Copy the access_token and include it in the request header of every API request. For example:

     curl -X GET '{YOUR_BASE_URL}/v2/...' \
-H 'Authorization: Bearer {YOUR_ACCESS_TOKEN}' \
-H 'Accept: application/json'
If you have suggestions for improving this article, let us know!