Request a JWT for Experience Edge XM
Experience Edge for XM provides APIs that help you administer your Edge tenant and provide access to your content.
The following APIs are available:
- Delivery API - GraphQL API that provides access to your published content.
- Token API - REST API that enables you to manage the API keys used to access the Delivery API.
- Admin API - REST API that enables you to administer your Edge tenant.
To run any operation on the Delivery API, you need to generate an Edge token. There are several ways to do this. You can:
- Request a JWT, then use it to generate an Edge token using the XM Cloud Deploy REST API or the Token API.
To run any operation on the Token API or Admin API:
- Request a JSON Web Token (JWT) and include it in every call to the API.
Before you can request a JWT, you need to create client credentials consisting of a client ID and client secret. The credentials type depends on the level of access you want to grant.
- For access to the Experience Edge APIs of a specific environment, you need to create an Edge administration client.
- For access to the Experience Edge APIs, XM Cloud Deploy API, and the Authoring and Management APIs of all environments in an organization, you need to create an Organization automation client.
Request a JWT
To request a JWT for Experience Edge XM:
- Make a POST request to https://auth.sitecorecloud.io/oauth/token, and include the following properties:

| Name | Value |
| --- | --- |
| audience | https://api.sitecorecloud.io |
| grant_type | client_credentials |
| client_id | The client ID of your Edge administration or automation client. |
| client_secret | The client secret of your Edge administration or automation client. |

If your request is successful, you receive the access_token, scope, expires_in, and token_type values. The scope depends on the type of credentials you created.
Use the access token value to generate an Edge token using the XM Cloud Deploy REST API or the Token API or to authorize requests to the Admin API.
Pay attention to the expires_in property of the response because JWTs typically expire in 24 hours. After that time, the token is invalid and you must request a new token.
Example
For the following cURL example, the data is encoded as form data. Therefore the POST request includes the Content-Type request header with the value application/x-www-form-urlencoded:
curl --request POST --url "https://auth.sitecorecloud.io/oauth/token" --header "content-type: application/x-www-form-urlencoded" --data audience=https://api.sitecorecloud.io --data grant_type=client_credentials --data client_id=<your-client-id> --data client_secret=<your-client-secret>
The endpoint accepts other content-type headers, such as application/json.
The request returns the following response:
{
"access_token": "eyJhbGciOiJSUzI1NiI...",
"scope": "xmclouddeploy.organizations:manage xmclouddeploy.projects:manage xmclouddeploy.environments:manage...",
"expires_in": 86400,
"token_type": "Bearer"
}
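
The same request from a script, as an added example that is not Sitecore's own code: it builds the form-encoded POST described above and caches the JWT, requesting a new one shortly before expires_in elapses. The environment variable names, the TokenCache class and the 300-second refresh margin are assumptions made for this example.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.sitecorecloud.io/oauth/token"
AUDIENCE = "https://api.sitecorecloud.io"

def build_token_request(client_id, client_secret):
    """Build the form-encoded POST with the four properties listed on the page."""
    body = urllib.parse.urlencode({
        "audience": AUDIENCE,
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")

def fetch_token(client_id, client_secret):
    """Send the request and return the parsed JSON response."""
    req = build_token_request(client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Reuse one JWT until `skew` seconds (assumed margin) before it expires."""
    def __init__(self, fetch, clock=time.monotonic, skew=300):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at:
            resp = self._fetch()
            # Do not echo the response in errors; it may contain the token.
            if resp.get("token_type") != "Bearer" or not resp.get("access_token"):
                raise ValueError("token endpoint did not return a Bearer access_token")
            self._token = resp["access_token"]
            self._expires_at = now + int(resp["expires_in"]) - self._skew
        return self._token

if __name__ == "__main__":
    # Hypothetical variable names; keeps the secret out of argv and shell history.
    cid, secret = os.environ["SITECORE_CLIENT_ID"], os.environ["SITECORE_CLIENT_SECRET"]
    cache = TokenCache(lambda: fetch_token(cid, secret))
    print("token acquired, length", len(cache.get()))  # never print the token itself
```
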