Request a JWT for the Authoring and Management API or the XM Cloud Deploy API
To run any operation with the Sitecore Authoring and Management GraphQL API or the XM Cloud Deploy API, obtain an authentication token in JSON Web Token (JWT) format and include it in every call to the API.
For authorization, the Sitecore Authoring and Management API and the XM Cloud Deploy API use the OAuth authorization framework.
You can also request a JWT for Experience Edge XM using OAuth.
Before you begin
Before you can request a JWT, you need to create client credentials to get a client ID and client secret. The type of credentials, depend on which API you want to access.
-
For the XM Cloud Deploy API or the Authoring and Management APIs of all environments in an organization, you need to create an Organization automation client.
-
For the Authoring and Management API of a specific environment, you need to create an Environment automation client.
Request a JWT
To request a JWT for the XM Cloud Deploy API or the Authoring and Management API:
-
Make a POST request to the following OAuth endpoint:
https://auth.sitecorecloud.io/oauth/token
Include the following properties in the body of the JWT request:
Name
Value
audience
https://api.sitecorecloud.io
grant_type
client_credentials
client_id
The client ID of your automation client.
client_secret
The client secret of your automation client.
If your request is successful, you receive the access_token
, token_type
, and expires_in
values.
You can use the access token to authorize requests to the Authoring and Management API or the XM Cloud Deploy API.
Pay attention to the expires_in
property of the response because JWTs typically expire in 24 hours. After that time, the token is invalid and you must request a new token.
Example
For the following cURL example, the data is encoded as form data. Therefore the POST
request must specify the Content-Type
request header with the value application/x-www-form-urlencoded
.
Run the following POST request using a cURL client:
curl --request POST --url "https://auth.sitecorecloud.io/oauth/token" --header "content-type: application/x-www-form-urlencoded" --data audience=https://api.sitecorecloud.io --data grant_type=client_credentials --data client_id=<your-client-id> --data client_secret=<your-client-secret>