Create the API key

Current version: 20.x

Experience Edge for XM has several APIs and uses two different mechanisms for authentication. To execute any operation in one of Experience Edges protected APIs other than the Delivery API, the calling system must first obtain an authentication token in JSON Web Token format. Before you can use the Delivery IDE and the Preview IDE, you must create an API key.

Create the API key for the Delivery IDE

The Delivery API IDE uses the Delivery API. The Delivery API is a GraphQL API that is hosted on the Delivery Platform and provides access only to approved and published content. You must authenticate with an API key for all requests to the Delivery API.


Use OAuth to obtain a JWT before you create an API key.

To create an API key:

  • Call the create endpoint to create the API key. Make sure to provide the scope and add:

    • “content-#everything#”

    • “audience-delivery”


    Make sure to save this token in a secure place. Sitecore does not store this token, and the token cannot be retrieved from the system after creation.

    curl --request POST --url "" --header "content-type: application/json" --header "Authorization: Bearer <JWT token>" --data "{ \"CreatedBy\":\"ADN\", \"Label\":\"Website token\", \"Scopes\": [\"content-#everything#\", \"audience-delivery\"] }"

    The response is the token for the API key which must be passed in the sc_apikey header.

Create the API key for the Preview IDE

The Preview API IDE provides the same functionality as the Delivery IDE, but it executes against the Preview API on your self-hosted Sitecore XM instance. You can use the Preview endpoint testing UI to test your queries. The Preview endpoint (/sitecore/api/graph/edge) on your self-hosted Sitecore XM instance is enabled by default. However, you must create an API key and pass it with your GraphQL request.

To create an API key:

  1. Create a Sitecore Services Client API key.


    You may already have an API key. For example, if you are using a Getting Started template such as the Next.js dotnet new Template. If you prefer to create an API key that can only be used with the Experience Edge preview schema, in the Allowed Controllers field, specify the following: Sitecore.Services.GraphQL.Hosting.Mvc.GraphQLController;GraphQL:/sitecore/api/graph/edge

  2. Once you have generated your token, you must pass your API token in the headers for your request. Click HTTP headers and add the token in the following format: {"sc_apikey": "YOUR_TOKEN"} Now you will be able to query your data and see results returned.


    Sitecore Services Client and Sitecore GraphQL also accept API keys via query string. However, we recommend to use the sc_apikey HTTP header as this is mirrors the behavior of Experience Edge.

Do you have some feedback for us?

If you have suggestions for improving this article,