Sitecore API catalog

Welcome to the Sitecore catalog of REST APIs. The REST API documentation in this catalog follows the OpenAPI specification and features an interface that enables authenticated users to send requests directly to their tenant. You can use this interactive console to authenticate, enter custom parameter values, send requests, and inspect responses. You can also download OpenAPI definition files straight from the documentation.

XM Cloud

Pages API

Use the Pages API for managing your site pages in XM Cloud. This API lets you interact with your pages, including: Creating, updating, retrieving, and deleting pages. Retrieving versions and variants. Update layouts. Note the following: All API requests are made in your production environment. For more information, see the official Sitecore XM Cloud developer documentation . Authorization To authorize your requests, use environment automation client credentials and generate a JSON Web Token (JWT). Note: To create client credentials, you must be an Organization Admin or Organization Owner. Create an automation client In the Sitecore Cloud Portal, open XM Cloud Deploy. Click Credentials > Environment > Create credentials > Automation . Fill out the automation client details, then click Create . Copy the client ID and the client secret because you won't be able to view them again in XM Cloud Deploy. You'll use them to request a JWT. Request a JWT Run the following cURL command to request a JWT. Replace the placeholder values with your client ID and client secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'client_id={YOUR_CLIENT_ID}' \ --data-urlencode 'client_secret={YOUR_CLIENT_SECRET}' \ --data-urlencode 'grant_type=client_credentials' \ --data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the JWT: { "access_token": "{YOUR_JWT}", "scope": "xmcloud.cm:admin", "expires_in": 86400, "token_type": "Bearer" } The JWT expires in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new JWT by repeating this POST request. We recommend that you cache the JWT for 24 hours to avoid repeating this POST request while the JWT is still valid. Include the JWT in the request header You can now start making REST API requests. You must include the JWT in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/...' \ -H 'Authorization: Bearer {YOUR_JWT}' \ -H 'Accept: application/json'

Publishing API

Use the XM Cloud Publishing API to manage publishing jobs for a specific XM Cloud tenant. This API lets you create new publishing jobs, list both running and completed publishing jobs, and retrieve statistics about the publishing jobs of an XM Cloud tenant. Authentication To use this API, you need a JWT token requested using an automation client . This is sent with every request. To use publishing endpoints, your token must include the required scopes.

Sites API

Use the Sites API for managing sites, site collections and languages in the XM Apps system. This API lets you interact with: The Site Collection object. Use a site collection to group together related sites that share the same resources. The Site object. The site object is the core entity that represents a website in the customer portfolio. The Language object. The language object is used to manage the languages available to a tenant and site. The Job object. The job object is used to manage running background jobs. Note the following: All API requests are made in your production environment. For more information, see the official Sitecore XM Cloud developer documentation . Authorization To authorize your requests, use environment automation client credentials and generate a JSON Web Token (JWT). Note: To create client credentials, you must be an Organization Admin or Organization Owner. Create an automation client In the Sitecore Cloud Portal, open XM Cloud Deploy. Click Credentials > Environment > Create credentials > Automation . Fill out the automation client details, then click Create . Copy the client ID and the client secret because you won't be able to view them again in XM Cloud Deploy. You'll use them to request a JWT. Request a JWT Run the following cURL command to request a JWT. Replace the placeholder values with your client ID and client secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'client_id={YOUR_CLIENT_ID}' \ --data-urlencode 'client_secret={YOUR_CLIENT_SECRET}' \ --data-urlencode 'grant_type=client_credentials' \ --data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the JWT: { "access_token": "{YOUR_JWT}", "scope": "xmcloud.cm:admin", "expires_in": 86400, "token_type": "Bearer" } The JWT expires in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new JWT by repeating this POST request. We recommend that you cache the JWT for 24 hours to avoid repeating this POST request while the JWT is still valid. Include the JWT in the request header You can now start making REST API requests. You must include the JWT in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/...' \ -H 'Authorization: Bearer {YOUR_JWT}' \ -H 'Accept: application/json'