HomeDev GuideAPI Reference
Dev GuideAPI ReferenceUser GuideGitHubNuGetDev CommunityAcademySubmit a ticketLog In
API Reference

Introduction to the CMS REST API

CMS 13 includes the REST API automatically via AddCms(). Learn endpoint paths, OAuth token setup, and key differences from CMS 12 and CMS 13.

The CMS REST API is included in every CMS 13 project. The AddCms() method registers both the REST API v1 endpoints and the OAuth token endpoint, so no additional packages or registration calls are required to enable the API.

The CMS REST API is not intended for delivery. Optimizely recommends using Optimizely Graph for content delivery.

API endpoint paths

CMS 13 exposes the REST API at the following base paths:

  • /_cms/v1 – The CMS REST API v1 root. Content, content type, and management endpoints are available under this path.
  • /_cms/v1/oauth/token – The OAuth token endpoint for requesting access tokens.

The AddCms() method in your application startup calls .AddOptimizelyCmsServiceV1().AddOauthEndpoints(), which registers these endpoints. No additional service registration is needed.

REST API configuration differences from CMS 12 and CMS 13

CMS 13 simplifies REST API configuration compared to CMS 12 with Content Management and Content Definitions API. It does not replace the Content Delivery API.

While it is essentially the same API as CMS 13 exposes, there are some differences between the two.
The following table summarizes the differences.

AreaCMS 12CMS 13
API registrationInstall EPiServer.ContentManagementApi and EPiServer.ContentDefinitionsApi NuGet packages and call AddContentManagementApi() and AddContentDefinitionsApi() in Startup.csAutomatic with AddCms(), available at /_cms/v1
Authentication libraryInstall EPiServer.OpenIDConnect NuGet package and configure OpenIddict with ASP.NET IdentityBuilt-in OAuth at /_cms/v1/oauth/token, configured through CmsServiceOauthOptions
Client configurationDefine OpenIDConnectApplication objects in code with scopes and redirect URIsDefine clients in appsettings.json or environment variables with ClientId and ClientSecret
Signing credentialsProvide X509Certificate2 manually or use useDevelopmentCertificate: true, DXP auto-provides through CloudPlatform.Cms 1.6.1 or laterDXP auto-provides through AddCmsCloudPlatformSupport(), local dev uses AddDevelopmentSigningCredentials()
Grant types supportedAuthorization code, client credentials, resource owner passwordClient credentials
Scope validationOptional through DisableScopeValidationManaged through client configuration

Migrate from CMS 12 authentication

If you are upgrading from CMS 12 to CMS 13, replace the EPiServer.OpenIDConnect package configuration with the CmsServiceOauthOptions approach described in Authentication and authorization. CMS 13 does not require the AddOpenIDConnect<ApplicationUser>(), AddContentManagementApi(), or AddContentDefinitionsApi() calls. Instead, CMS 13 handles API registration and OAuth endpoint setup through AddCms().

For CMS 12, the token endpoint was at /api/episerver/connect/token. In CMS 13, the token endpoint is at /_cms/v1/oauth/token.