Walkthrough: Enabling and authorizing requests to the Authoring and Management API
You can explore the Authoring and Management API with an interactive browser-based GraphQL IDE or through HTTP requests. Querying the GraphQL Authoring and Management API programmatically or using the GraphQL IDE requires authorization.
This walkthrough describes how to:
-
Enable the GraphQL IDE
-
Obtain an access token
-
Authorize the GraphQL IDE
-
Authorize HTTP requests
Enable the GraphQL IDE
Using the IDE requires that you are at least in the sitecore\Sitecore Client Users role.
Before using the GraphQL IDE, you must enable it in your settings.
To enable the GraphQL IDE:
-
In a Sitecore configuration patch file, add the following settings:
RequestResponse<setting name="GraphQL.Enabled" value="true" /> <setting name="GraphQL.ExposePlayground" value="true" />
ImportantWe recommend that you only enable the GraphQL IDE in nonproduction environments.
Obtain an access token
To authorize the GraphQL IDE or HTTP requests to perform operations against the Authoring and Management API endpoint, you must obtain an access token.
To obtain an access token:
-
Configure a controller that retrieves a Bearer type access token from the Sitecore Identity Server.
-
Navigate to the controller in a browser. If authentication is successful, the access token is displayed on the page.
-
Copy the
Access token
value.
Authorize the GraphQL IDE
Before performing queries and mutations in the GraphQL IDE, you must authorize the IDE to perform operations.
To authorize the GraphQL IDE:
-
Open the IDE in the browser at
https://<your-server>/sitecore/api/authoring/graphql/playground/
. -
In the IDE's lowe-left pane, the HTTP Headers tab, add the authorization header with the following format:
RequestResponse{ "Authorization": "Bearer <your-token>" }
-
In the IDE's endpoint field (to the right of the History tab), verify that the endpoint is
https://<your-instance>/sitecore/api/authoring/graphql/v1/
. -
Verify your setup by running a query. For example:
RequestResponsequery { sites { name } }
Authorize HTTP requests
HTTP requests against the Authoring and Management API endpoint require authorization.
To authorize your HTTP requests:
-
Add the HTTP
Authorization
header with theBearer
authentication scheme to your request headers. Replace the<access-token>
placeholder with the value of the access token. For example:RequestResponse{ headers: [ { "Authorization": "Bearer <access-token>" } ] }