Walkthrough: Enabling and authorizing requests to the Authoring and Management API

Current version: 10.3

You can explore the Authoring and Management API with an interactive browser-based GraphQL IDE or through HTTP requests. Querying the GraphQL Authoring and Management API programmatically or using the GraphQL IDE requires authorization.

This walkthrough describes how to:

  • Enable the GraphQL IDE

  • Obtain an access token

  • Authorize the GraphQL IDE

  • Authorize HTTP requests

Enable the GraphQL IDE

Using the IDE requires that you are at least in the sitecore\Sitecore Client Users role.

Before using the GraphQL IDE, you must enable it in your settings.

To enable the GraphQL IDE:

  • In a Sitecore configuration patch file, add the following settings:

    RequestResponse
    <setting name="GraphQL.Enabled" value="true" />
    <setting name="GraphQL.ExposePlayground" value="true" />
    
    Important

    We recommend that you only enable the GraphQL IDE in nonproduction environments.

Obtain an access token

To authorize the GraphQL IDE or HTTP requests to perform operations against the Authoring and Management API endpoint, you must obtain an access token.

To obtain an access token:

  1. Configure a controller that retrieves a Bearer type access token from the Sitecore Identity Server.

  2. Navigate to the controller in a browser. If authentication is successful, the access token is displayed on the page.

  3. Copy the Access token value.

Authorize the GraphQL IDE

Before performing queries and mutations in the GraphQL IDE, you must authorize the IDE to perform operations.

To authorize the GraphQL IDE:

  1. Open the IDE in the browser at https://<your-server>/sitecore/api/authoring/graphql/playground/.

  2. In the IDE's lowe-left pane, the HTTP Headers tab, add the authorization header with the following format:

    RequestResponse
    {
        "Authorization": "Bearer <your-token>"
    }
    
  3. In the IDE's endpoint field (to the right of the History tab), verify that the endpoint is https://<your-instance>/sitecore/api/authoring/graphql/v1/.

  4. Verify your setup by running a query. For example:

    RequestResponse
    query {
      sites {
        name
      }
    }
    

Authorize HTTP requests

HTTP requests against the Authoring and Management API endpoint require authorization.

To authorize your HTTP requests:

  • Add the HTTP Authorization header with the Bearer authentication scheme to your request headers. Replace the <access-token> placeholder with the value of the access token. For example:

    RequestResponse
    {
        headers: [
            { "Authorization": "Bearer <access-token>" }
        ]
    }
    

Do you have some feedback for us?

If you have suggestions for improving this article,