Sitecore XM Cloud Delivering vs Authoring APIs – When & How to Use Them

When building modern digital experiences with Sitecore XM Cloud, selecting the right API for our use case can mean the difference between a lightning-fast application and a sluggish one. In this guide, we’ll dive into the two core API types—Delivering API and Authoring API—and explore when, why, and how to use each effectively.

Sitecore XM Cloud: API-First and Headless

  • API-First → Every interaction like content authoring, delivery, publishing is exposed via APIs (GraphQL, REST).
  • Headless → The CMS manages content, but the presentation layer (websites, mobile apps, kiosks, etc.) is decoupled, allowing developers to use frameworks like React, Angular, Next.js, or Vue.

The Two Main API Categories

1. Delivering APIs

Delivering APIs are designed for content consumption. They’re fast, globally cached, and read-only, perfect for frontend apps and customer-facing experiences.

Key Characteristics

  • Fast, read-only APIs for content delivery
  • Globally cached and performance-optimized
  • Serve only published content (no drafts or workflow states)
  • Support anonymous access for public content
  • High availability and redundancy
  • Best suited for front-end applications

Types

  • GraphQL Content Delivery API
    • Fetches published content for frontend apps
    • Query exactly what you need (fields, items, components)
    • Supports filtering, sorting, and pagination
  • Layout Service API (GraphQL / REST)
    • Provides layout and component data for headless rendering
    • Powers JSS applications
    • Ensures frontend apps know how content is structured on pages

When to Use

  • Public-facing websites and apps
  • Mobile apps consuming content
  • Headless CMS implementations
  • Content syndication to external platforms
  • Any performance-critical, customer-facing digital experience

Best Practices

  • Optimize GraphQL queries—avoid over-fetching
  • Request only the fields you need
  • Leverage Sitecore’s built-in caching
  • Add application-level caching for frequently accessed content

Example Use Case

Fetching the 5 most recent published articles for a blog listing page.

query {
  search(
    where: { AND: [{ name: "_templates", value: "Article", operator: EQ }] }
    orderBy: { name: "PublishDate", direction: DESC }
    first: 5
  ) {
    results {
      id
      name
      fields {
        Title {
          value
        }
        PublishDate {
          value
        }
      }
    }
  }
}

2. Authoring APIs

Authoring APIs power content creation and management. They allow developers and integrators to create, update, and manage Sitecore items programmatically.

Key Characteristics

  • Full CRUD operations (Create, Read, Update, Delete)
  • Real-time access—no caching layers
  • Support workflow and draft content states
  • Authentication required (PATs with role-based permissions)
  • Optimized for authoring and content operations

Types

  • Management API (GraphQL)
    • Create, update, delete content items
    • Used in integrations, migration scripts, or middleware (e.g., Azure Functions)
    • Supports workflow, publishing, etc.
  • Media API
    • Upload and manage media items in the Media Library
    • Useful when external systems push media into Sitecore

When to Use

  • Custom content editing interfaces
  • Bulk content migration and automation
  • Workflow and approval systems
  • Administrative dashboards
  • Content preview applications
  • Integrations with external CMS or DAM systems

Best Practices

  • Never expose Authoring API credentials in client-side code
  • Use role-based access control and PATs
  • Apply token expiration policies
  • Implement audit logging for content modifications

Example Use Case

An Azure Function creates new blog items in Sitecore from an external CMS.

mutation {
  createItem(
    input: {
      name: "new-article"
      displayName: "New Article from GraphQL"
      templateId: "{TEMPLATE-GUID-HERE}"
      parentId: "{PARENT-ITEM-GUID-HERE}"
      fields: [
        { name: "Title", value: "GraphQL API Post" }
        { name: "PublishDate", value: "2025-08-30T10:00:00Z" }
      ]
    }
  ) {
    item {
      id
      name
      displayName
      path
    }
  }
}

Summary table for a visual comparison

Feature 

Authoring API (In the CMS)

Delivery API (In Experience Edge)

Purpose

To manage content within the Sitecore CMS.

To deliver published content to headless front-ends.

Access

Secure, authenticated access for content authors and developers.

Optimized for high-performance, public-facing access.

Operations

Read/Write (create, edit, delete, publish content).

Read-only (fetch published content).

Data Source

The Content Management database.

The Experience Edge cache and database.

Content Status

Accesses all content, including unpublished drafts.

Accesses only content that has been explicitly published.

Primary Audience

Content managers, marketers, and CMS developers.

Front-end developers building websites and apps.

Conclusion

Understanding when and how to use Delivering vs Authoring APIs is crucial for building successful digital experiences with Sitecore XM Cloud.

  • Delivering APIs excel at high-performance content delivery for end users.
  • Authoring APIs provide the content management capabilities your editors and administrators need.

Key Takeaways

  • Use Delivering APIs for all public-facing, performance-critical scenarios
  • Use Authoring APIs for content management, workflows, and backend integrations
  • Always apply proper security and caching strategies
  • Monitor performance and optimize queries based on usage patterns
  • Design your architecture to leverage the right API for each use case

By following these patterns and best practices, we will be well-equipped to build robust, scalable applications that can take full advantage of Sitecore XM Cloud’s API ecosystem.

 

Comments

Post a Comment

Popular posts from this blog

Setting Up Sitecore Headless with Next.js in Disconnected Mode

Image
Sitecore Headless CMS offers a flexible way to integrate with different frontend technologies. For developers working with frameworks like Next.js, Sitecore provides various ways to set up the environment, including four distinct modes: Disconnected Mode , Connected Mode , Integrated Mode , and API Mode . Each mode offers unique features for different stages of development and production needs. What Is Disconnected Mode? Disconnected Mode is designed for local development and testing without requiring a direct connection to the Sitecore platform. In this mode, data is typically retrieved from static files (like YAML or JSON), and content updates are done manually. This mode is ideal for frontend developers who want to focus on building the user interface and the site’s functionality without waiting for backend integration. In Disconnected Mode , the data flow is not dependent on the Sitecore CMS. Instead, content is stored locally in static files, which are easier to manage and qu...
Read more

Step-by-Step Guide: Sitecore Headless GraphQL Filtering, Sorting & Pagination

Image
If you're building a modern web application using Sitecore Headless (JSS), you’ll often need to fetch dynamic content lists like employee directories, articles, or products. To make this dynamic and user-friendly, you’ll want: Filtering – Narrow down results (e.g. by department or name) Sorting – Order by fields like name, date, or custom rank Pagination – Load data page by page In this post, I will walk you through how to build a Sitecore GraphQL query step by step, from basic retrieval to fully paginated, sorted, and filtered results. Demo Setup: Sitecore Content for Querying To demonstrate these GraphQL features, we’ve prepared the following in Sitecore. Template: UserInformation A custom template named UserInformation was created with 5 fields: Field Name Field Type UserName Single-Line Text Designation Single-Line Text Department Single-Line Text ...
Read more

Building a Headless Integration Between Sitecore and Azure Functions

Image
In today’s digital landscape, headless CMS architectures have become a game-changer for delivering personalized, dynamic, and scalable content experiences across multiple channels. Sitecore, with its powerful headless capabilities via Sitecore JSS and Layout Service, provides a flexible content management backbone. But what if we want to extend Sitecore’s capabilities beyond the platform, leveraging cloud-native serverless technologies? Here comes Azure Functions , a serverless compute service that lets us run code on-demand without managing infrastructure. Combining Sitecore with Azure Functions enables developers to build scalable, decoupled integrations that enhance content delivery, personalization, or business logic in a lightweight, cost-effective way. Benefits to Integrate Sitecore with Azure Functions Scalability: Azure Functions automatically scale with your workload. Cost-efficiency: Pay only for compute time, no idle server costs. Extensibility: ...
Read more