Apache Iceberg · OAuth Scopes

Apache Iceberg OAuth Scopes

OAuth 2.0 derived

Apache Iceberg publishes 1 OAuth 2.0 scope via the clientCredentials flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the Apache Iceberg API on a user’s behalf.

Tokens are issued from /v1/oauth/tokens.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

ACIDAnalyticsApacheData LakeLakehouseOpen SourceTable Format
Scopes: 1 Flows: clientCredentials Method: derived

OAuth endpoints

Token URL
/v1/oauth/tokens
Flows
clientCredentials

Scopes (1)

ScopeDescriptionFlows
catalog Allows interacting with the Config and Catalog APIs clientCredentials

Source

OAuth Scopes

apache-iceberg-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/apache-iceberg-rest-catalog-open-api.yaml
schemes:
- name: OAuth2
  source: openapi/apache-iceberg-rest-catalog-open-api.yaml
  flows:
  - flow: clientCredentials
    tokenUrl: /v1/oauth/tokens
  description: |-
    This scheme is used for OAuth2 authorization.

    For unauthorized requests, services should return an appropriate 401 or 403 response. Implementations must not return altered success (200) responses when a request is unauthenticated or unauthorized.
    If a separate authorization server is used, substitute the tokenUrl with the full token path of the external authorization server, and use the resulting token to access the resources defined in the spec.
scopes:
- scope: catalog
  description: Allows interacting with the Config and Catalog APIs
  flows:
  - clientCredentials
  sources:
  - openapi/apache-iceberg-rest-catalog-open-api.yaml