sitecore · Authentication Profile

Sitecore Authentication

Authentication

sitecore secures its APIs with apiKey and http across 3 declared security schemes, as derived from its OpenAPI definitions.

Methods: apiKey, http Schemes: 3 OAuth flows: API key in: header

Security Schemes

basicAuth http
scheme: basic
bearerAuth http
scheme: bearer
apiKeyAuth apiKey
· in: header (Authorization)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/sitecore-cdp-rest-api-openapi.yml, openapi/sitecore-content-hub-rest-api-openapi.yml,
  openapi/sitecore-discover-api-openapi.yml, openapi/sitecore-ordercloud-api-openapi.yml, openapi/sitecore-personalize-rest-api-openapi.yml,
  openapi/sitecore-xm-cloud-rest-api-openapi.yml
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - header
schemes:
- name: basicAuth
  type: http
  scheme: basic
  description: HTTP Basic authentication using a client key as the username and an API token
    as the password. Credentials are obtained from Sitecore CDP Settings > API access.
  sources:
  - openapi/sitecore-cdp-rest-api-openapi.yml
- name: bearerAuth
  type: http
  scheme: bearer
  bearerFormat: JWT
  description: OAuth 2.0 bearer token obtained from the Content Hub identity provider. Include
    the token in the Authorization header as 'Bearer {token}'.
  sources:
  - openapi/sitecore-content-hub-rest-api-openapi.yml
  - openapi/sitecore-discover-api-openapi.yml
  - openapi/sitecore-ordercloud-api-openapi.yml
  - openapi/sitecore-xm-cloud-rest-api-openapi.yml
- name: apiKeyAuth
  type: apiKey
  in: header
  parameter: Authorization
  description: API key authentication. Provide the API key in the Authorization header obtained
    from the Sitecore Personalize instance configuration.
  sources:
  - openapi/sitecore-personalize-rest-api-openapi.yml