Sitecore API catalog

Welcome to the Sitecore catalog of REST APIs. The REST API documentation in this catalog follows the OpenAPI specification and features an interface that enables authenticated users to send requests directly to their tenant. You can use this interactive console to authenticate, enter custom parameter values, send requests, and inspect responses. You can also download OpenAPI definition files straight from the documentation.

AI capabilities
3
Brand Management API
Use the Brand Management REST API to create a brand kit , retrieve all brand kits or a specific one including sections and subsections, and create or update the content of individual subsections. This REST API lets you interect with: The brand kit object. A brand kit is a structured resource that enables organizations to manage their brand across various channels, teams, and content types. It defines the brand's identity through guidelines, tone, messaging rules, and other defining traits. After creating a brand kit using the Brand Management REST API, you can use the Documents REST API to upload brand documents and the Pipeline REST API to initiate the brand ingestion process. Note the following: To use this REST API, you must authenticate your API requests. All API requests are made in your production environment. For more information, see the official Sitecore Stream documentation . Authorization The Brand Management REST API uses the OAuth 2.0 standard with JSON web tokens to authorize REST API requests. Create Client ID and Client Secret In the Sitecore Cloud Portal, open Stream. Click Admin > Brand Kit keys > Create credential . In the ​Create New Client​​ dialog, enter a name and description for the client. Then click Create . The ​Client ID and Client Secret​​ display. Copy the Client ID and Client Secret because you won't be able to view them again in Stream. You'll use them to request an access token. Request an access token Run the following cURL command to request an access token. Replace the placeholder values with your Client ID and Client Secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'client_id={YOUR_API_KEY}' \ --data-urlencode 'client_secret={YOUR_API_SECRET}' \ --data-urlencode 'grant_type=client_credentials' \ --data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the access token: { "access_token": "{YOUR_ACCESS_TOKEN}", "scope": "ai.org.brd:w ai.org.brd:r ai.org.docs:w ai.org.docs:r ai.org:admin", "expires_in": 86400, "token_type": "Bearer" } Access tokens expire in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new access token by repeating this POST request. We recommend that you cache the access token for 24 hours to avoid repeating this POST request while the access token is still valid. Include the access token in the request header You can now start making REST API requests. You must include the access token in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/v2/...' \ -H 'Authorization: Bearer {YOUR_ACCESS_TOKEN}' \ -H 'Accept: application/json'
Document Management API
Use the Document Management REST API lets you upload documents to your organization's brand kit. You can also retrieve documents or delete them when needed. This REST API lets you interect with: The document object. A brand document serves as a source material for your organization's brand. These can include brand guidelines, tone of voice, or messaging frameworks. After uploading documents, you can use the Pipeline REST API to initiate the brand ingestion process. This enables Sitecore to analyze the uploaded documents, create a database of brand knowledge, and populate the brand kit's sections with relevant content. Note the following: To use this REST API, you must authenticate your API requests. All API requests are made in your production environment. For more information, see the official Sitecore Stream documentation . Authorization The Document Management REST API uses the OAuth 2.0 standard with JSON web tokens to authorize REST API requests. Create Client ID and Client Secret In the Sitecore Cloud Portal, open Stream. Click Admin > Brand Kit keys > Create credential . In the ​Create New Client​​ dialog, enter a name and description for the client. Then click Create . The ​Client ID and Client Secret​​ display. Copy the Client ID and Client Secret because you won't be able to view them again in Stream. You'll use them to request an access token. Request an access token Run the following cURL command to request an access token. Replace the placeholder values with your Client ID and Client Secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'client_id={YOUR_API_KEY}' \ --data-urlencode 'client_secret={YOUR_API_SECRET}' \ --data-urlencode 'grant_type=client_credentials' \ --data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the access token: { "access_token": "{YOUR_ACCESS_TOKEN}", "scope": "ai.org.brd:w ai.org.brd:r ai.org.docs:w ai.org.docs:r ai.org:admin", "expires_in": 86400, "token_type": "Bearer" } Access tokens expire in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new access token by repeating this POST request. We recommend that you cache the access token for 24 hours to avoid repeating this POST request while the access token is still valid. Include the access token in the request header You can now start making REST API requests. You must include the access token in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/v2/...' \ -H 'Authorization: Bearer {YOUR_ACCESS_TOKEN}' \ -H 'Accept: application/json'
Pipeline API
Use the Pipeline REST API to run the brand ingestion and enrichment processes: Brand ingestion analyzes documents uploaded to your brand kit using the Documents REST API . The system analyzes each document page by page, extracts brand information, and breaks it down into smaller pieces called knowledge chunks . These chunks are then organized, vectorized, and stored as your brand knowledge . Enrichment uses existing brand knowledge to automatically populate or update content in brand kit sections and subsections. You don’t need to reingest brand documents to enrich content. This REST API lets you interact with: The pipeline object. A pipeline is a structured process that performs a series of tasks automatically. In this context, pipelines are used to run the brand ingestion and enrichment processes. The resulting brand knowledge and enriched content are made available to Sitecore copilots and other AI agents enabling them to generate consistent, brand-aligned output. Note the following: To use this REST API, you must authenticate your API requests. All API requests are made in your production environment. For more information, see the official Sitecore Stream documentation . Authorization The Pipeline REST API uses the OAuth 2.0 standard with JSON web tokens to authorize REST API requests. Create Client ID and Client Secret In the Sitecore Cloud Portal, open Stream. Click Admin > Brand Kit keys > Create credential . In the ​Create New Client​​ dialog, enter a name and description for the client. Then click Create . The ​Client ID and Client Secret​​ display. Copy the Client ID and Client Secret because you won't be able to view them again in Stream. You'll use them to request an access token. Request an access token Run the following cURL command to request an access token. Replace the placeholder values with your Client ID and Client Secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'client_id={YOUR_API_KEY}' \ --data-urlencode 'client_secret={YOUR_API_SECRET}' \ --data-urlencode 'grant_type=client_credentials' \ --data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the access token: { "access_token": "{YOUR_ACCESS_TOKEN}", "scope": "ai.org.brd:w ai.org.brd:r ai.org.docs:w ai.org.docs:r ai.org:admin", "expires_in": 86400, "token_type": "Bearer" } Access tokens expire in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new access token by repeating this POST request. We recommend that you cache the access token for 24 hours to avoid repeating this POST request while the access token is still valid. Include the access token in the request header You can now start making REST API requests. You must include the access token in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/v2/...' \ -H 'Authorization: Bearer {YOUR_ACCESS_TOKEN}' \ -H 'Accept: application/json'
CDP
3
Audience export API
Use the Audience export REST API to access the output of an audience export job. After an export job finishes running, its output becomes available at presigned URLs. You can download the output of the export job by opening the URLs. The output is available for 35 days after creation. You can access output URLs in two ways: Retrieve the output URLs for the most recently finished export job. First retrieve a list of all finished export jobs of the export, then retrieve the output URLs for any finished export job of your choice. Note the following: To use this REST API, you must authorize your API requests. All API requests are made in your production environment. For more information, see the official Sitecore CDP developer documentation . Authorization The Audience export REST API uses the OAuth 2.0 standard with JSON web tokens to authorize REST API requests. Create an API key In the Sitecore Cloud Portal, open Sitecore CDP. Click Developer center > API keys > Create . Name your API key and select a feature. Then, click Save . The API key and the API secret display. Copy the API key and the API secret because you won't be able to view them again in Sitecore CDP. You'll use them to request an access token. Request an access token Run the following cURL command to request an access token. Replace the placeholder values with your API key and API secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'client_id={YOUR_API_KEY}' \ --data-urlencode 'client_secret={YOUR_API_SECRET}' \ --data-urlencode 'grant_type=client_credentials' \ --data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the access token: { "access_token": "{YOUR_ACCESS_TOKEN}", "scope": "cdp.audience_exports:r", "expires_in": 86400, "token_type": "Bearer" } Access tokens expire in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new access token by repeating this POST request. We recommend that you cache the access token for 24 hours to avoid repeating this POST request while the access token is still valid. Include the access token in the request header You can now start making REST API requests. You must include the access token in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/v2/...' \ -H 'Authorization: Bearer {YOUR_ACCESS_TOKEN}' \ -H 'Accept: application/json'
Guest API
Use the Guest REST API to create, retrieve, update, and delete guest data in Sitecore CDP. This REST API lets you interact with: The guest object. The guest object is the core entity of Sitecore CDP. It stores the personal data of a customer, and all relevant transactional and behavioral data is linked in a guest profile. The guest data extension object. A guest data extension is an object that lets you specify any key-value pairs you want. Guest data extensions are optional and enable your organization to capture more robust information about your guests. After capturing guest information, Sitecore CDP users can: View the captured data in the guest profile . Use the captured data to build segments of guests . Export audience data to activate audiences outside Sitecore CDP. Note the following: To use this REST API, you must authenticate your API requests. All API requests are made in your production environment. This reference documentation describes Sitecore CDP functionality for data model 2.1. For more information, see the official Sitecore CDP developer documentation . Authentication The Guest REST API uses basic authentication. Basic authentication involves sending a user name and a password with every request. To find your user name and password, in Sitecore CDP, on the navigation pane, click Settings > API access : The user name is the Client key . The password is the API token . You must include the user name and password in every request you make. For example: curl -X GET '{baseURL}/v2/guests' \ -u '{YOUR_USERNAME}:{YOUR_PASSWORD}' \ -H 'Accept: application/json'
Order API
Use the Order REST API to create, retrieve, update, and delete order data in Sitecore CDP. This REST API lets you interact with the following objects: Order - the parent for all other objects, containing attributes common to the entire order. Order item - something that has been purchased as part of the order. Order contact - the primary contact person for an order. Order consumer - the person that consumes the order item. Order data extension - any key-value pairs you want to add to the order object. Order item data extension - any key-value pairs you want to add to the order item object. Note the following: To use this REST API, you must authenticate your API requests. All API requests are made in your production environment. This reference documentation describes Sitecore CDP functionality for data model 2.1. For more information, see the official Sitecore CDP developer documentation , including examples of order items and order item data extensions. Authentication The Order REST API uses basic authentication. Basic authentication involves sending a user name and a password with every request. To find your user name and password, in Sitecore CDP, on the navigation pane, click Settings > API access : The user name is the Client key . The password is the API token . You must include the user name and password in every request you make. For example: curl -X GET '{baseURL}/v2.1/orders' \ -u '{YOUR_USERNAME}:{YOUR_PASSWORD}' \ -H 'Accept: application/json' Get started To create your first order and find it in Sitecore CDP: Create an order. The response contains the order reference. Create an order contact using the order reference. Make sure to provide enough identity information according to your organization's identity rules . This associates a guest with the order. In the response, in guest.href , the guest reference is the string that follows the final slash. Copy the guest reference. In Sitecore CDP, click Guests . In the Search field, enter the guest reference, then click the Guest type: All filter. Then, Sitecore CDP lists the guest profile for the guest. On the Guest Profile page, click the Orders tab. The order you previously created displays.
Cloud Portal
1
Edge Platform Admin API
Use the Edge Platform Admin API to create, retrieve, update, and delete custom hostnames in your organization. This REST API lets you interact with: The custom hostname object. Use a custom hostname to serve content or direct traffic to specific web services or applications under your organization's domain. After creating a custom hostname, you must: Register the hostname . Add the CNAME and TXT records to verify domain ownership. Check the status . Ensure that it is active before using the hostname. Note the following: You must have an Organization Admin or Organization Owner role in Sitecore Cloud Portal. To use this REST API, you must authenticate your API requests. All API requests are made in your production environment. For more information, see the official Sitecore Portal developer documentation . Authentication The Edge Platform Admin API uses bearer authentication. Bearer authentication involves security tokens called bearer tokens, which are generated in response to a login request. To get the bearer token : Log in to Sitecore Cloud Portal . In the top-right corner of the menu bar, click your profile > API tokens . Click Copy to clipboard . You can now start making REST API requests. You must include this token in the authorization header of every request you make.
Content Hub
5
Download orders API
Use the Download orders API to create and retrieve download orders. A download order is a compressed file that contains media files, such as images, vectors, or videos. Authentication To use the Download orders API, you need: The URL of your Content Hub server. You can get this from your Content Hub Administrator. Enter this URL in the {{server}} variable by hovering over the variable in the Try it pane and then clicking Edit. An access token and the client ID. Both are sent with every request. You can create a token through the Content Hub interface or by requesting one to the API itself
Entities API
Use the Entities API to retrieve, create, update, and delete entities. An entity is a set of data that belongs together (such as for a product, campaign, project, story, recipe, or asset). Authentication To use the Try it feature of the Entities API, you need: The URL of your Content Hub server. You can get this from your Content Hub Administrator. Enter this URL in the {{server}} variable by hovering over the variable in the Try it pane and then clicking Edit. An access token and the client ID. Both are sent with every request. You can create a token through the Content Hub interface or by requesting one to the API itself A Copy method is also available.
Jobs API
Use the Jobs API to retrieve, create, update, and delete job targets or the description. This REST API lets you interact with: M.Target entities, which are targets of a job. The M.JobDescription entity, which contains information about what to do and what is in progress. To help you switch to the Jobs API, we provide guidance on how to update calls in your code . Authentication To use the Jobs API, you need: The URL of your Content Hub server. You can get this from your Content Hub Administrator. Enter this URL in the {{server}} variable by hovering over the variable in the Try it pane and then clicking Edit. An access token and the client ID . Both are sent with every request. You can create a token through the Content Hub interface or by requesting one to the API itself
Querying API
Use the Querying API to fetch multiple pages of search results sequentially. This REST API lets you to retrieve entities that match a specific criteria. Authentication To use the Querying API, you need: The URL of your Content Hub server. You can get this from your Content Hub Administrator. Enter this URL in the {{server}} variable by hovering over the variable in the Try it pane and then clicking Edit. An access token and the client ID . Both are sent with every request. You can create a token through the Content Hub interface or by requesting one to the API itself
Upload API
Use the Upload API to upload files to Content Hub. Uploads are completed in three steps: Generate an upload URL that returns metadata about the upload session. Provide the following information: Configuration settings to use for the upload - an entity that hosts a predefined configuration, which specifies supported file extensions, the permitted file size, the default asset lifecycle for asset creation, and so on. Purpose of the newly uploaded file - create a new asset, use the uploaded file as a new master file for an existing asset, or use the file as an alternate file for an existing asset. Upload the file to the generated upload URL. Complete the upload by providing the metadata about the session that was generated in step 1. For more information and to see examples, refer to the Upload API documentation . For details on how to upload large files, see Upload large files . The Upload API is not intended for the bulk upload of assets. High volumes of parallel uploads can impact performance. Review Performance best practices to ensure optimal performance of Content Hub. Security is applied at the upload configuration level. This means that the user upload permissions depend on the upload configuration entities that users have access to. Authentication To use the Upload API, you need: The URL of your Content Hub server. You can get this from your Content Hub Administrator. Enter this URL in the {{server}} variable by hovering your mouse over the variable in the Try it pane and then clicking Edit. An access token and the client ID. Both are sent with every request. You can create a token through the Content Hub interface or by requesting one using the API itself .
OrderCloud
1
OrderCloud
Sitecore OrderCloud provides a powerful, flexible, and extensible platform for managing e-commerce operations. Built with a headless, API-first design, OrderCloud supports any B2C, B2B, B2B2C business models, allowing businesses to create, manage, and scale e-commerce experiences with full control over their product catalogs, pricing, orders, and customer management. Key Features: - Product Management : Create, manage, and organize products, variants, categories, and pricing. Manage inventories and set custom attributes. - Order Management : Create and track orders, manage status updates, process payments, and handle shipping and fulfillment. OrderCloud supports customizable workflows for order processing. - Customer & User Management : Manage customer profiles, roles, permissions, and user-specific pricing. - Multi-Channel Commerce : Seamlessly manage commerce experiences across B2B, B2C, and marketplace environments, offering a unified system to power all customer touch points. - Integrations : OrderCloud integrates with third-party systems like payment gateways, shipping providers, and ERP systems. Custom integrations can also be built via extensible webhooks and API connectors. - Security : Built with security in mind, OrderCloud supports role-based access control (RBAC) and OAuth 2.0 authentication to ensure secure and compliant access to your resources. OrderCloud is highly customizable and extensible, providing the flexibility to adapt the platform to your unique business needs and workflows. It’s designed to integrate smoothly into any existing ecosystem and scale as your business grows. For detailed API documentation, integration guides, and tutorials, visit our documentation site
XM Cloud
1
Sitecore XM Cloud Sites API
Use the XM Apps REST API for managing sites, site collections, pages, and languages in the XM Apps system. This API lets you interact with: The Site Collection object. Use a site collection to group together related sites that share the same resources. The Site object. The site object is the core entity that represents a website in the customer portfolio. The Language object. The language object is used to manage the languages available to a tenant and site. The Job object. The job object is used to manage running background jobs. Note the following: All API requests are made in your production environment. For more information, see the official Sitecore XM Cloud developer documentation . Authorization To authorize your requests, use environment automation client credentials and generate a JSON Web Token (JWT). Note: To create client credentials, you must be an Organization Admin or Organization Owner. Create an automation client In the Sitecore Cloud Portal, open XM Cloud Deploy. Click Credentials > Environment > Create credentials > Automation . Fill out the automation client details, then click Create . Copy the client ID and the client secret because you won't be able to view them again in XM Cloud Deploy. You'll use them to request a JWT. Request a JWT Run the following cURL command to request a JWT. Replace the placeholder values with your client ID and client secret. curl -X POST 'https://auth.sitecorecloud.io/oauth/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'client_id={YOUR_CLIENT_ID}' \ --data-urlencode 'client_secret={YOUR_CLIENT_SECRET}' \ --data-urlencode 'grant_type=client_credentials' \ --data-urlencode 'audience=https://api.sitecorecloud.io' In the response, the access_token key contains the JWT: { "access_token": "{YOUR_JWT}", "scope": "xmcloud.cm:admin", "expires_in": 86400, "token_type": "Bearer" } The JWT expires in 24 hours. If your requests unexpectedly return a response with status 401 Unauthorized , request a new JWT by repeating this POST request. We recommend that you cache the JWT for 24 hours to avoid repeating this POST request while the JWT is still valid. Include the JWT in the request header You can now start making REST API requests. You must include the JWT in the request header of every request. For example: curl -X GET '{YOUR_BASE_URL}/...' \ -H 'Authorization: Bearer {YOUR_JWT}' \ -H 'Accept: application/json'