Request a JWT for Experience Edge XM using OAuth

Current version: 21.x

Sitecore Experience Edge for XM uses the OAuth authorization framework for security. OAuth allows one program to authorize another to make changes on behalf of an account holder or end-user.

To run any operation in any protected Experience Edge APIs other than the Delivery API, the caller must first obtain an authentication token (in JSON Web Token (JWT) format) and include it in every call made to Edge. Following successful authentication, the calling application has access to an access token, which can be used to call the protected APIs.

OAuth Endpoint

When requesting a JWT, you must make a POST request to the OAuth endpoint:

RequestResponse
POST https://auth.sitecorecloud.io/oauth/token
Note

Older tenants previously used https://one-sc-production.eu.auth0.com/oauth/token.

All tenants should use the endpoint https://auth.sitecorecloud.io/oauth/token.

Request headers

For the following cURL examples, the data is encoded as form data. Therefore the POST request must specify the Content-Type request header with the value application/x-www-form-urlencoded .

The endpoint accepts other content-type headers, such as application/json.

Request body

The body of the JWT request to the OAuth endpoint must include the following properties:

Name

Value

audience

New tenants: https://api.sitecorecloud.io

Old tenants: https://delivery.sitecore.cloud/<your-tenant-id>

grant_type

client_credentials

client_id

The client ID for your tenant as provided by Sitecore.

client_secret

The client secret for your tenant, as provided by Sitecore.

To request a token:

  1. Request an access token for the Experience Edge APIs using a POST request.

    For example, for new tenants, you can request the JWT using the curl client as follows:

    RequestResponse
    curl --request POST --url "https://auth.sitecorecloud.io/oauth/token" --header "content-type: application/x-www-form-urlencoded" --data audience=https://api.sitecorecloud.io --data grant_type=client_credentials --data client_id=<your-client-id> --data client_secret=<your-client-secret> 

    For old tenants:

    RequestResponse
    curl --request POST --url "https://auth.sitecorecloud.io/oauth/token" --header "content-type: application/x-www-form-urlencoded" --data audience=https://delivery.sitecore.cloud/<your-tenant-id> --data grant_type=client_credentials --data client_id=<clientid> --data client_secret=<clientsecret> 

    You receive the access_token, token_type, and expires_in values.

  2. Pass the retrieved access token as a Bearer token in the Authorization header of your HTTP request.

Important

Pay attention to the expires_in property of the response because JWTs typically expire in 24 hours. After that time, the token is invalid, and you must request a new token.

Do you have some feedback for us?

If you have suggestions for improving this article,