1
Sitecore API catalog
Welcome to the Sitecore catalog of REST APIs. The REST API documentation in this catalog follows the OpenAPI specification and features an interface that enables authenticated users to send requests directly to their tenant. You can use this interactive console to authenticate, enter custom parameter values, send requests, and inspect responses. You can also download OpenAPI definition files straight from the documentation.
SitecoreAI
4
Agent API
The Agent API allows AI agents to take direct action in Sitecore through secure REST endpoints. It supports common digital experience tasks such as creating pages, adding components, and updating content. As part of Sitecore's interoperability approach, the Agent API allows agentic platforms and other connected systems to interact directly with Sitecore. When an AI agent receives a natural language request, it can call the appropriate Agent API endpoints to complete the task. For example, a request to create a new landing page might trigger an endpoint in Sitecore that automatically builds the page. If the AI agent performs an unintended action, you can use the job ID to revert it. Each operation is tracked to ensure safe rollback when needed. All Agent API actions follow the built-in security and approval rules in Sitecore, keeping work safe, traceable, and auditable. In addition to AI agent-driven workflows, developers can also use the REST API directly to interact with the following objects: Sites - retrieve and manage sites and their pages. Pages - create and manage pages and components. Content - create and organize content items. Components - retrieve and manage components and datasources. Assets - upload and manage digital assets. Environments - retrieve environment and language details. Personalization - manage personalized content variants. Jobs - view or revert job operations. Brand kits - retrieve brand kits and their details. Briefs - retrieve brief types, generate and create briefs. Note the following: To use this REST API, you authenticate your API requests. All API requests are made in your production environment. The Agent API also powers the Marketer MCP, which uses these endpoints to perform agentic operations in Sitecore. Read more about the Marketer MCP . Authorization To authorize your requests, use environment automation client credentials and generate a JSON Web Token (JWT). You can also register an OAuth app if your integration requires the OAuth 2.0 authorization code flow. Note: To create client credentials, you must be an Organization Admin or Organization Owner. Create an automation client In the Sitecore Cloud Portal, open SitecoreAI Deploy. Click Credentials > Environment > Create credentials > Automation . Fill out the automation client details, then click Create . Copy the client ID and the client secret because you won't be able to view them again in SitecoreAI Deploy. You'll use them to request a JWT. Register an OAuth app for the Agent API The Agent API uses the OAuth 2.0 authorization code flow to securely authenticate requests from external applications. Each application must have an OAuth app registration, which identifies the app and defines the parts of the Sitecore platform it can access. If you plan to register an OAuth app that uses the Agent API, you must submit a registration request to Sitecore Support and request the following scopes: xmcloud.cm:admin personalize.exp:mng personalize.tmpl:r personalize.pos:mng ai.org.bri:r co.briefs:r co.briefs:w ai.org.brd:r ai.org.bri:w Request a JWT Run the following cURL command to request a JWT. Replace the placeholder values with your client ID and client secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={YOUR_CLIENT_ID}' \
--data-urlencode 'client_secret={YOUR_CLIENT_SECRET}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the JWT: {
"access_token": "{YOUR_JWT}",
"scope": "xmcloud.cm:admin",
"expires_in": 86400,
"token_type": "Bearer"
} The JWT expires in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new JWT by repeating this POST request. We recommend that you cache the JWT for 24 hours to avoid repeating this POST request while the JWT is still valid. Include the JWT in the request header You can now start making REST API requests. You must include the JWT in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/...' \
-H 'Authorization: Bearer {YOUR_JWT}' \
-H 'Accept: application/json'
Pages API
Use the Pages API for managing your site pages in SitecoreAI. This API lets you interact with your pages, including: Creating, updating, retrieving, and deleting pages. Retrieving versions and variants. Update layouts. Note the following: All API requests are made in your production environment. For more information, see the official SitecoreAI developer documentation . Authorization To authorize your requests, use environment automation client credentials and generate a JSON Web Token (JWT). Note: To create client credentials, you must be an Organization Admin or Organization Owner. Create an automation client In the Sitecore Cloud Portal, open SitecoreAI Deploy. Click Credentials > Environment > Create credentials > Automation . Fill out the automation client details, then click Create . Copy the client ID and the client secret because you won't be able to view them again in SitecoreAI Deploy. You'll use them to request a JWT. Request a JWT Run the following cURL command to request a JWT. Replace the placeholder values with your client ID and client secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={YOUR_CLIENT_ID}' \
--data-urlencode 'client_secret={YOUR_CLIENT_SECRET}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the JWT: {
"access_token": "{YOUR_JWT}",
"scope": "xmcloud.cm:admin",
"expires_in": 86400,
"token_type": "Bearer"
} The JWT expires in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new JWT by repeating this POST request. We recommend that you cache the JWT for 24 hours to avoid repeating this POST request while the JWT is still valid. Include the JWT in the request header You can now start making REST API requests. You must include the JWT in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/...' \
-H 'Authorization: Bearer {YOUR_JWT}' \
-H 'Accept: application/json'
Publishing API
Use the XM Cloud Publishing API to manage publishing jobs for a specific XM Cloud tenant. This API lets you create new publishing jobs, list both running and completed publishing jobs, and retrieve statistics about the publishing jobs of an XM Cloud tenant. Authentication To use the Publishing API, you need a JWT token requested using an automation client . This is sent with every request. To use publishing endpoints, your token must include the required scopes.
Sites API
Use the Sites API for managing sites, site collections and languages in the XM Apps system. This API lets you interact with: The Site Collection object. Use a site collection to group together related sites that share the same resources. The Site object. The site object is the core entity that represents a website in the customer portfolio. The Language object. The language object is used to manage the languages available to a tenant and site. The Job object. The job object is used to manage running background jobs. Note the following: All API requests are made in your production environment. For more information, see the official SitecoreAI developer documentation . Authorization To authorize your requests, use environment automation client credentials and generate a JSON Web Token (JWT). Note: To create client credentials, you must be an Organization Admin or Organization Owner. Create an automation client In the Sitecore Cloud Portal, open SitecoreAI Deploy. Click Credentials > Environment > Create credentials > Automation . Fill out the automation client details, then click Create . Copy the client ID and the client secret because you won't be able to view them again in SitecoreAI Deploy. You'll use them to request a JWT. Request a JWT Run the following cURL command to request a JWT. Replace the placeholder values with your client ID and client secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={YOUR_CLIENT_ID}' \
--data-urlencode 'client_secret={YOUR_CLIENT_SECRET}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the JWT: {
"access_token": "{YOUR_JWT}",
"scope": "xmcloud.cm:admin",
"expires_in": 86400,
"token_type": "Bearer"
} The JWT expires in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new JWT by repeating this POST request. We recommend that you cache the JWT for 24 hours to avoid repeating this POST request while the JWT is still valid. Include the JWT in the request header You can now start making REST API requests. You must include the JWT in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/...' \
-H 'Authorization: Bearer {YOUR_JWT}' \
-H 'Accept: application/json'