Sitecore API catalog

Welcome to the Sitecore catalog of REST APIs. The REST API documentation in this catalog follows the OpenAPI specification and features an interface that enables authenticated users to send requests directly to their tenant. You can use this interactive console to authenticate, enter custom parameter values, send requests, and inspect responses. You can also download OpenAPI definition files straight from the documentation.

Sitecore CDP

Sitecore CDP Audience export REST API

Use the Audience export REST API to access the output of an audience export job. After an export job finishes running, its output becomes available at presigned URLs. You can download the output of the export job by opening the URLs. You can access output URLs in two ways: Retrieve the output URLs for the most recently finished export job. First retrieve a list of all finished export jobs of the export, then retrieve the output URLs for any finished export job of your choice. Note the following: To use this REST API, you must authorize your API requests. All API requests are made in your production environment. For more information, see the official Sitecore CDP developer documentation . Authorization The Audience export REST API uses the OAuth 2.0 standard with JSON web tokens to authorize REST API requests. Create an API key In the Sitecore Cloud Portal, open Sitecore CDP. Click Developer center > API keys > Create . Name your API key and select a feature. Then, click Save . The API key and the API secret display. Copy the API key and the API secret because you won't be able to view them again in Sitecore CDP. You'll use them to request an access token. Request an access token Run the following cURL command to request an access token. Replace the placeholder values with your API key and API secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'client_id={YOUR_API_KEY}' --data-urlencode 'client_secret={YOUR_API_SECRET}' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the access token: { "access_token": "{YOUR_ACCESS_TOKEN}", "scope": "cdp.audience_exports:r", "expires_in": 86400, "token_type": "Bearer" } Access tokens expire in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new access token by repeating this POST request. We recommend that you cache the access token for 24 hours to avoid repeating this POST request while the access token is still valid. Include the access token in the request header You can now start making REST API requests. You must include the access token in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/v2/...' -H 'Authorization: Bearer {YOUR_ACCESS_TOKEN}' -H 'Accept: application/json'

Sitecore CDP Guest REST API

Use the Guest REST API to create, retrieve, update, and delete guest data in Sitecore CDP. This REST API lets you interact with: The guest object. The guest object is the core entity of Sitecore CDP. It stores the personal data of a customer, and all relevant transactional and behavioral data is linked in a guest profile. The guest data extension object. A guest data extension is an object that lets you specify any key-value pairs you want. Guest data extensions are optional and enable your organization to capture more robust information about your guests. After capturing guest information, Sitecore CDP users can: View the captured data in the guest profile . Use the captured data to build segments of guests . Export audience data to activate audiences outside Sitecore CDP. Note the following: To use this REST API, you must authenticate your API requests. All API requests are made in your production environment. This reference documentation describes Sitecore CDP functionality for data model 2.1. For more information, see the official Sitecore CDP developer documentation . Authentication The Guest REST API uses basic authentication. Basic authentication involves sending a user name and a password with every request. To find your user name and password, in Sitecore CDP, on the navigation pane, click Settings > API access : The user name is the Client key . The password is the API token . You must include the user name and password in every request you make. For example: curl -X GET '{baseURL}/v2/guests' -u '{YOUR_USERNAME}:{YOUR_PASSWORD}' -H 'Accept: application/json'

Sitecore Cloud Portal

Sitecore Edge Platform Admin API

Use the Edge Platform Admin API to create, retrieve, update, and delete custom hostnames in your organization. This REST API lets you interact with: The custom hostname object. Use a custom hostname to serve content or direct traffic to specific web services or applications under your organization's domain. After creating a custom hostname, you must: Register the hostname . Add the CNAME and TXT records to verify domain ownership. Check the status . Ensure that it is active before using the hostname. Note the following: You must have an Organization Admin or Organization Owner role in Sitecore Cloud Portal. To use this REST API, you must authenticate your API requests. All API requests are made in your production environment. For more information, see the official Sitecore Portal developer documentation . Authentication The Edge Platform Admin API uses bearer authentication. Bearer authentication involves security tokens called bearer tokens, which are generated in response to a login request. To get the bearer token : Log in to Sitecore Cloud Portal . In the top-right corner of the menu bar, click your profile > API tokens . Click Copy to clipboard . You can now start making REST API requests. You must include this token in the authorization header of every request you make.

Sitecore XM Cloud

Sitecore XM Apps REST API

Use the XM Apps REST API for managing sites, site collections, pages, and languages in the XM Apps system. This API lets you interact with: The Site Collection object. Use a site collection to group together related sites that share the same resources. The Site object. The site object is the core entity that represents a website in the customer portfolio. The Language object. The language object is used to manage the languages available to a tenant and site. The Job object. The job object is used to manage running background jobs. Note the following: All API requests are made in your production environment. For more information, see the official Sitecore XM Cloud developer documentation . Authorization To authorize your requests, use environment automation client credentials and generate a JSON Web Token (JWT). The token is valid for all the environments in an organization. Note: To create client credentials, you must be an Organization Admin or Organization Owner. Create an automation client In the Sitecore Cloud Portal, open XM Cloud Deploy. Click Credentials > Environment > Create credentials > Automation . Fill out the automation client details, then click Create . Copy the client ID and the client secret because you won't be able to view them again in XM Cloud Deploy. You'll use them to request a JWT. Request a JWT Run the following cURL command to request a JWT. Replace the placeholder values with your client ID and client secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'client_id={YOUR_CLIENT_ID}' --data-urlencode 'client_secret={YOUR_CLIENT_SECRET}' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the JWT: { "access_token": "{YOUR_JWT}", "scope": "xmcloud.cm:admin", "expires_in": 86400, "token_type": "Bearer" } The JWT expires in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new JWT by repeating this POST request. We recommend that you cache the JWT for 24 hours to avoid repeating this POST request while the JWT is still valid. Include the JWT in the request header You can now start making REST API requests. You must include the JWT in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/...' -H 'Authorization: Bearer {YOUR_JWT}' -H 'Accept: application/json'