1
Sitecore API catalog
Welcome to the Sitecore catalog of REST APIs. The REST API documentation in this catalog follows the OpenAPI specification and features an interface that enables authenticated users to send requests directly to their tenant. You can use this interactive console to authenticate, enter custom parameter values, send requests, and inspect responses. You can also download OpenAPI definition files straight from the documentation.
AI capabilities
4
Agent API
The Agent API allows AI agents to take direct action in Sitecore through secure REST endpoints. It supports common digital experience tasks such as creating pages, adding components, and updating content. As part of Sitecore's interoperability approach, the Agent API allows agentic platforms and other connected systems to interact directly with Sitecore. When an AI agent receives a natural language request, it can call the appropriate Agent API endpoints to complete the task. For example, a request to create a new landing page might trigger an endpoint in Sitecore that automatically builds the page. If the AI agent performs an unintended action, you can use the job ID to revert it. Each operation is tracked to ensure safe rollback when needed. All Agent API actions follow the built-in security and approval rules in Sitecore, keeping work safe, traceable, and auditable. In addition to AI agent-driven workflows, developers can also use the REST API directly to interact with the following objects: Sites - retrieve and manage sites and their pages. Pages - create and manage pages and components. Content - create and organize content items. Components - retrieve and manage components and datasources. Assets - upload and manage digital assets. Environments - retrieve environment and language details. Personalization - manage personalized content variants. Jobs - view or revert job operations. Note the following: To use this REST API, you authenticate your API requests. All API requests are made in your production environment. The Agent API also powers the Marketer MCP, which uses these endpoints to perform agentic operations in Sitecore. Read more about the Marketer MCP . Authorization To authorize your requests, use environment automation client credentials and generate a JSON Web Token (JWT). You can also register an OAuth app if your integration requires the OAuth 2.0 authorization code flow. Note: To create client credentials, you must be an Organization Admin or Organization Owner. Create an automation client In the Sitecore Cloud Portal, open SitecoreAI Deploy. Click Credentials > Environment > Create credentials > Automation . Fill out the automation client details, then click Create . Copy the client ID and the client secret because you won't be able to view them again in SitecoreAI Deploy. You'll use them to request a JWT. Register an OAuth app for the Agent API The Agent API uses the OAuth 2.0 authorization code flow to securely authenticate requests from external applications. Each application must have an OAuth app registration, which identifies the app and defines the parts of the Sitecore platform it can access. If you plan to register an OAuth app that uses the Agent API, you must submit a registration request to Sitecore Support and request the following scopes: xmcloud.cm:admin personalize.exp:mng personalize.tmpl:r personalize.pos:mng Request a JWT Run the following cURL command to request a JWT. Replace the placeholder values with your client ID and client secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={YOUR_CLIENT_ID}' \
--data-urlencode 'client_secret={YOUR_CLIENT_SECRET}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the JWT: {
"access_token": "{YOUR_JWT}",
"scope": "xmcloud.cm:admin",
"expires_in": 86400,
"token_type": "Bearer"
} The JWT expires in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new JWT by repeating this POST request. We recommend that you cache the JWT for 24 hours to avoid repeating this POST request while the JWT is still valid. Include the JWT in the request header You can now start making REST API requests. You must include the JWT in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/...' \
-H 'Authorization: Bearer {YOUR_JWT}' \
-H 'Accept: application/json'
Brand Management API
Use the Brand Management REST API to create a brand kit , retrieve all brand kits or a specific one including sections and subsections, and create or update the content of individual subsections. This REST API lets you interect with: The brand kit object. A brand kit is a structured resource that enables organizations to manage their brand across various channels, teams, and content types. It defines the brand's identity through guidelines, tone, messaging rules, and other defining traits. After creating a brand kit using the Brand Management REST API, you can use the Documents REST API to upload brand documents and the Pipeline REST API to initiate the brand ingestion process. Note the following: To use this REST API, you must authenticate your API requests. All API requests are made in your production environment. For more information, see the official Sitecore Stream documentation . Authorization The Brand Management REST API uses the OAuth 2.0 standard with JSON web tokens to authorize REST API requests. Create Client ID and Client Secret In the Sitecore Cloud Portal, open Stream. Click Admin > Brand Kit keys > Create credential . In the Create New Client dialog, enter a name and description for the client. Then click Create . The Client ID and Client Secret display. Copy the Client ID and Client Secret because you won't be able to view them again in Stream. You'll use them to request an access token. Request an access token Run the following cURL command to request an access token. Replace the placeholder values with your Client ID and Client Secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={YOUR_API_KEY}' \
--data-urlencode 'client_secret={YOUR_API_SECRET}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the access token: {
"access_token": "{YOUR_ACCESS_TOKEN}",
"scope": "ai.org.brd:w ai.org.brd:r ai.org.docs:w ai.org.docs:r ai.org:admin",
"expires_in": 86400,
"token_type": "Bearer"
} Access tokens expire in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new access token by repeating this POST request. We recommend that you cache the access token for 24 hours to avoid repeating this POST request while the access token is still valid. Include the access token in the request header You can now start making REST API requests. You must include the access token in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/v2/...' \
-H 'Authorization: Bearer {YOUR_ACCESS_TOKEN}' \
-H 'Accept: application/json'
Document Management API
Use the Document Management REST API lets you upload documents to your organization's brand kit. You can also retrieve documents or delete them when needed. This REST API lets you interect with: The document object. A brand document serves as a source material for your organization's brand. These can include brand guidelines, tone of voice, or messaging frameworks. After uploading documents, you can use the Pipeline REST API to initiate the brand ingestion process. This enables Sitecore to analyze the uploaded documents, create a database of brand knowledge, and populate the brand kit's sections with relevant content. Note the following: To use this REST API, you must authenticate your API requests. All API requests are made in your production environment. For more information, see the official Sitecore Stream documentation . Authorization The Document Management REST API uses the OAuth 2.0 standard with JSON web tokens to authorize REST API requests. Create Client ID and Client Secret In the Sitecore Cloud Portal, open Stream. Click Admin > Brand Kit keys > Create credential . In the Create New Client dialog, enter a name and description for the client. Then click Create . The Client ID and Client Secret display. Copy the Client ID and Client Secret because you won't be able to view them again in Stream. You'll use them to request an access token. Request an access token Run the following cURL command to request an access token. Replace the placeholder values with your Client ID and Client Secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={YOUR_API_KEY}' \
--data-urlencode 'client_secret={YOUR_API_SECRET}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the access token: {
"access_token": "{YOUR_ACCESS_TOKEN}",
"scope": "ai.org.brd:w ai.org.brd:r ai.org.docs:w ai.org.docs:r ai.org:admin",
"expires_in": 86400,
"token_type": "Bearer"
} Access tokens expire in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new access token by repeating this POST request. We recommend that you cache the access token for 24 hours to avoid repeating this POST request while the access token is still valid. Include the access token in the request header You can now start making REST API requests. You must include the access token in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/v2/...' \
-H 'Authorization: Bearer {YOUR_ACCESS_TOKEN}' \
-H 'Accept: application/json'
Pipeline API
Use the Pipeline REST API to run the brand ingestion and enrichment processes: Brand ingestion analyzes documents uploaded to your brand kit using the Documents REST API . The system analyzes each document page by page, extracts brand information, and breaks it down into smaller pieces called knowledge chunks . These chunks are then organized, vectorized, and stored as your brand knowledge . Enrichment uses existing brand knowledge to automatically populate or update content in brand kit sections and subsections. You don’t need to reingest brand documents to enrich content. This REST API lets you interact with: The pipeline object. A pipeline is a structured process that performs a series of tasks automatically. In this context, pipelines are used to run the brand ingestion and enrichment processes. The resulting brand knowledge and enriched content are made available to Sitecore copilots and other AI agents enabling them to generate consistent, brand-aligned output. Note the following: To use this REST API, you must authenticate your API requests. All API requests are made in your production environment. For more information, see the official Sitecore Stream documentation . Authorization The Pipeline REST API uses the OAuth 2.0 standard with JSON web tokens to authorize REST API requests. Create Client ID and Client Secret In the Sitecore Cloud Portal, open Stream. Click Admin > Brand Kit keys > Create credential . In the Create New Client dialog, enter a name and description for the client. Then click Create . The Client ID and Client Secret display. Copy the Client ID and Client Secret because you won't be able to view them again in Stream. You'll use them to request an access token. Request an access token Run the following cURL command to request an access token. Replace the placeholder values with your Client ID and Client Secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={YOUR_API_KEY}' \
--data-urlencode 'client_secret={YOUR_API_SECRET}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the access token: {
"access_token": "{YOUR_ACCESS_TOKEN}",
"scope": "ai.org.brd:w ai.org.brd:r ai.org.docs:w ai.org.docs:r ai.org:admin",
"expires_in": 86400,
"token_type": "Bearer"
} Access tokens expire in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new access token by repeating this POST request. We recommend that you cache the access token for 24 hours to avoid repeating this POST request while the access token is still valid. Include the access token in the request header You can now start making REST API requests. You must include the access token in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/v2/...' \
-H 'Authorization: Bearer {YOUR_ACCESS_TOKEN}' \
-H 'Accept: application/json'