Request a JWT for Experience Edge XM using OAuth


Create the access token that you need to call the protected APIs.

Sitecore Experience Edge for XM uses the OAuth authorization framework for security. OAuth allows one program to authorize another program to make changes on behalf of an account holder or end-user.

To execute any operation in any of Experience Edge's protected APIs other than the Delivery API, the calling system must first obtain an authentication token (in JSON Web Token (JWT) format) and include it in every call it makes to Edge. Following successful authentication, the calling application receives an access token, which it can use to call the protected APIs.

To request a token:

  1. Request an access token for the Experience Edge APIs by using a POST request.

    For example, request the JWT using the curl client:

    curl --request POST --url "" --header "content-type: application/x-www-form-urlencoded" --data grant_type=client_credentials --data client_id=<clientid> --data client_secret=<clientsecret> --data audience=<tenant-id>





    grant_type: Set this to client_credentials.

    client_id: The client ID for your tenant as provided by Sitecore.

    client_secret: The client secret for your tenant as provided by Sitecore.

    audience: The audience for your tenant as provided by Sitecore. It will be in the form with tenant-id substituted for your tenant ID.

  2. You will receive the access_token, token_type, and expires_in values. Now you can pass the retrieved access token as a Bearer token in the Authorization header of your HTTP request.


    Pay attention to the expires_in property of the response because JWTs typically expire in 24 hours. After that time, the token is invalid and you must request a new token.
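
    An added example, not Sitecore's code: a small Python client for the two steps above that sends the client_credentials request, caches the JWT, and requests a new one shortly before expires_in elapses. TOKEN_URL is a placeholder because the token endpoint is not shown on this page; the class name, the 60-second safety margin, and the injectable post and clock parameters are assumptions of this example.

```python
import json
import time
import urllib.parse
import urllib.request

# Placeholder: the real token endpoint is not shown on this page.
TOKEN_URL = "https://auth.example.invalid/oauth/token"


def http_post_form(url, fields):
    """POST fields as application/x-www-form-urlencoded and return the parsed JSON body."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(
        url, data=body, headers={"content-type": "application/x-www-form-urlencoded"}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class EdgeTokenCache:
    """Caches the JWT and requests a new one shortly before expires_in runs out."""

    def __init__(self, client_id, client_secret, audience,
                 post=http_post_form, clock=time.monotonic, skew=60):
        # The secret lives only in the request body, never in a URL or a log line.
        self._fields = {
            "grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,
            "audience": audience,
        }
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._post(TOKEN_URL, self._fields)
            if reply.get("token_type", "").lower() != "bearer" or not reply.get("access_token"):
                # Do not echo the reply in the error: it may contain a token.
                raise ValueError("unexpected token response")
            self._token = reply["access_token"]
            # Treat the token as expired `skew` seconds early so no call carries a stale JWT.
            self._expires_at = self._clock() + max(int(reply["expires_in"]) - self._skew, 0)
        return self._token

    def auth_header(self):
        """Header to attach to each call to a protected API."""
        return {"Authorization": "Bearer " + self.token()}
```

    Load the client ID and secret from the environment or a secret store rather than hard-coding them, and keep the returned token out of logs.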