Token API
The Token REST API lets you manage the API keys used to access the Delivery API. These API keys are long-lived and are not session-based tokens. After creating a key, you can continue to use it (with additional calls to the API) until you revoke it.
Base URL
Here's the Token REST API base URL:
https://edge.sitecorecloud.io/api/apikey/v1
Authorization
All endpoints use bearer authorization. To authorize your API requests:
- Create an Edge administration client for an environment. This generates a client ID and client secret.
- Request a JWT for Experience Edge XM using OAuth using the client ID and client secret. This generates a JSON web token (JWT). You must include the JWT in the
Authorizationheader of every API request you make.
Headers
| Name | Format | Description |
|---|---|---|
Authorization | Bearer <YOUR_JWT> | Required. The JSON web token (JWT) you requested to authorize your API requests. Example: Bearer eyJhbG... |
Endpoints
The Token REST API has the following endpoints:
Create- generates an API key.ListAll- lists all API keys in your tenant.GetApiKeyByHash- retrieves a single API key by its hash value.GetApiKeyByToken- retrieves a single API key identified by its token.RenameByHash- renames an API key that was identified by its hash value.RenameByToken- renames an API key that was identified by its token.RevokeByHash- revokes an API key identified by its hash value.RevokeByToken- revokes an API key identified by its token.
Create
When you generate an API key, you must define audience and content scopes. The following scopes are required for Experience Edge:
audience-delivery- authorizes access to the Delivery GraphQL API.content-#everything#- allows access to all content.
You cannot create additional scopes or scope types.
The Create endpoint generates an API key:
- Relative route:
/ - HTTP verb:
POST - Body: The structure of DeliveryApiKeyInfo is as follows:
- Response: The response is the API token, which is a base 64 string. Example API token:
MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3 - Example: The following example requests the scope of audience-delivery. This means that the returned sc_apikey is valid for the Delivery GraphQL API:
ListAll
The ListAll endpoint lists all API keys in your tenant:
- Relative route:
/ - HTTP verb:
GET - Query string parameters: The following parameters are required
scopesArray of stringsDefines the scopes of the returned keys. If not provided, all keys are returned.The available scopes areaudience-deliveryandcontent-#everything#.labelStringDefines the label or part of the label to filter the keys. All keys containing this string are returned. If not provided, all keys are returned.pagesizeIntegerDefines the number of keys returned per page. Default: 20.pagenumberIntegerDefines the page number to be returned. Default: 1 (returns the first page).filterRevokedBooleanDefines whether the call returns all keys or active keys only.Use the following example structure to query using parameters:https://edge.sitecorecloud.io/api/apikey/v1?scopes=audience-delivery&label=mine&filterRevoked=true&pagesize=50&pagenumber=3NoteThescopesparameter is enumerable. It can appear multiple times in the query string. - Response: The response is an array of DeliveryApiKey that satisfies the filters and paging settings provided along with the paging metadata:
GetApiKeyByHash
The GetApiKeyByHash endpoint retrieves a single API key by its hash value:
- Relative route:
/{hash} - HTTP verb:
GET - Route parameters: The following parameter is required
hashStringThe hash of the key to retrieve. - Response: The response is the DeliveryApiKey that corresponds to the token:
GetApiKeyByToken
The GetApiKeyByToken endpoint retrieves a single API key identified by its token:
- Relative route:
/token - HTTP verb:
GET - Header: The following header is required
sc_apikeyStringThe token of the key to retrieve. - Response: The response is the DeliveryApiKey that corresponds to the token:
RenameByHash
The RenameByHash endpoint renames an API key identified by its hash value:
| Relative route | /renamebyhash/{hash} |
|---|---|
| HTTP verb | PUT |
| Route parameters | The following parameter is required: NameFormatPurpose hashStringThe hash of the key to rename. |
| Body | The body request must contain the following fields: NameFormatPurpose newNameStringThe new name of the API key. |
| Response format | The response is a Boolean value indicating whether the key was renamed successfully. |
RenameByToken
The RenameByToken endpoint renames an API key identified by its token:
| Relative route | /renamebytoken |
|---|---|
| HTTP verb | PUT |
| Header | The following header is required: NameFormatPurpose sc_apikeyStringThe token of the key to be renamed. |
| Body | The body request must contain the following fields: NameFormatPurpose newNameStringThe new name of the API key. |
| Response | The response is a Boolean value indicating whether the key was renamed successfully. |
RevokeByHash
The RevokeByHash endpoint revokes an API key identified by its hash value:
| Relative route | /revokebyhash/{hash} |
|---|---|
| HTTP verb | PUT |
| Route parameters | The following parameter is required: NameFormatPurpose hashStringThe hash of the key to revoke. |
| Response | The response is a Boolean value indicating whether the key was revoked successfully. |
RevokeByToken
The RevokeByToken endpoint revokes an API key identified by its token.
| Relative route | /revokebytoken |
|---|---|
| HTTP verb | PUT |
| Header | The following header is required: NameFormatPurpose sc_apikeyStringThe token of the key to revoke. |
| Response | The response is a Boolean value indicating whether the key was revoked successfully. |