Tailwind Logo

Introduce Sitecore Authoring and Management GraphQL API

XM Cloud

Published: 2024-07-08

XM Cloud has a GraphQL Endpoint that allows content editing using GraphQL. This functionality is turned off by default, so this article will introduce the process of turning it on and making it usable.

This procedure is described in the following pages.

What is Authoring GraphQL IDE?

GraphQL has been used in blogs to retrieve data from the CMS, but it returns Json data when queried. In fact, this is possible through the Authoring and Management GraphQL mechanism. This can be accessed from the XM Cloud Deploy administration page by going to the bottom of the Details section and clicking on the Authoring GraphQL IDE link.


Enable GraphQL IDE

This feature is disabled by default, and to enable it, you must change the setting from the XM Cloud Deploy administration screen. The configuration is simple: change the setting of Sitecore_GraphQL_ExposePlayground to true (false by default) in the Variables section of the environment, and then run Build and Deploy.


Access Token Settings

After the setup is complete, clicking Launch IDE from the admin screen brings up the GraphQL Playground screen. However, when I click on the Schema tab, nothing appears.


This is a state of insufficient privileges due to a lack of access tokens.

First of all, to gain access, information for authentication must be included in the HTTP HEADERS. The format is as follows, but you will need to obtain an accessToken. You can use endpoints - xmCloud - accessToken, which can be found in the .sitecore\user.json file in the XM Cloud project.

    "Authorization": "Bearer accessToken"

The following is the status of access.


At this stage, the developer is in a position to perform test queries, etc., and edit content using GraphQL.

Get access token

Additional tokens can be generated for cases where you need or want to use multiple tokens/automation clients, such as when working with other systems.

First, from the XM Cloud Deploy administration screen, select Credentials and open the Environment tab.


In this section, we will create a new Automation Client. In this case, we will create a new Automation Client as follows


When generated, the key appears as follows.


The client secret is displayed only on this screen and cannot be confirmed later. If you are unsure of the client secret, you will have to recreate it. As a result, you will see the following screen.


We will now follow Obtain an additional access token (optional) to retrieve data from the PowerShell environment. By default, the authority URL is https://auth.sitecorecloud.io and the audience URL is https://api.sitecorecloud.io, so specify your-client-id, your- client-secret and your-xmcloud-host.

dotnet sitecore cloud login --client-credentials --client-id <your-client-id> --client-secret <your-client-secret> --allow-write true --xmcloudhost https://<your-xmcloud-host> --authority https://auth.sitecorecloud.io --audience https://api.sitecorecloud.io 
curl --location --request POST 'https://auth.sitecorecloud.io/oauth/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'client_id=<your-client-id>' --data-urlencode 'client_secret=<your-client-secret>' --data-urlencode 'audience=https://api.sitecorecloud.io' --data-urlencode 'grant_type=client_credentials'

The access token is shown below.


You can see that the obtained key is valid.


This key is "expires_in":86311, and can be used for 23 hours and 58 minutes. It is good to use a key with an expiration date like this for external collaboration.


In this article, we have reviewed Authoring and Management GraphQL, which is different from Sitecore Experience Edge and can easily be used with Sitecore Connect and other external systems to process data. An example implementation will be provided in a separate article. An example implementation will be presented in a future article.