Milan Nankov

Milan Nankov
Sitefinity exposes RESTful WCF services that allow you to manage various aspects of your website, including but not limited to creating/editing/deleting documents, images, pages, and other resources. The full list of exposed services can be found here

Naturally, the access to the services is restricted and Web API requests must be authenticated. In this article I will focus on the authentication process and how you can get started using the available services. More specifically, I will focus on the claims-based authentication which, in mind opinion, should be your preferred choice for authentication. 

Let's take a look at a diagram that illustrates the process of authenticating:

Sitefinity Claims Authentication Process

The process kicks off by sending a POST request to the so called Security Token Service at /Sitefinity/Authenticate/SWT. Here are some details about this request:

  • URL: /Sitefinity/Authenticate/SWT
  • HTTP Method: POST
  • Content-Type: application/x-www-form-urlencoded
  • Body: Should contain two parameters wrap_password and wrap_name

Here is how this looks like in Postman.
Sitefinity Authentication Postman - Body If the provided credentials are correct, you will receive response that contains two parameters - wrap_access_token and wrap_access_token_expires_in. The value of wrap_access_token is the token that you need. Keep in mind that the token value is Url-encoded and you have to decode it before use.

We are almost there. The last piece of the puzzle is understanding how to use the token. Fortunately, that is very easy - simply add Authorization header with the following value: WRAP access_token="{Your token}", and you are good to go.

Since many people are probably interested in calling Sitefinity Web APIs using code, here is how you can authenticate and call a service using C#:



Need consulting on this topic?

Yes No

Thank You! We will be in touch.