Apache Airflow · Authentication Profile

Airflow Authentication

Authentication

Apache Airflow secures its APIs with http and oauth2 across 2 declared security schemes, as derived from its OpenAPI definitions. OAuth 2.0 is offered via the password flow(s).

Workflow OrchestrationData PipelineOpen SourceApacheDAGSchedulingETLData Engineering
Methods: http, oauth2 Schemes: 2 OAuth flows: password API key in:

Security Schemes

OAuth2PasswordBearer oauth2
· flows: password
HTTPBearer http
scheme: bearer

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/airflow-openapi.yml
summary:
  types:
  - http
  - oauth2
  oauth2_flows:
  - password
schemes:
- name: OAuth2PasswordBearer
  type: oauth2
  flows:
  - flow: password
    tokenUrl: /auth/token
    scopes: 0
  description: 'To authenticate Airflow API requests, clients must include a JWT (JSON Web Token)
    in the Authorization header of each request. This token is used to verify the identity of
    the client and ensure that they have the appropriate permissions to access the requested
    resources. You can use the endpoint ``POST /auth/token`` in order to generate a JWT token.
    Upon successful authentication, the server will '
  sources:
  - openapi/airflow-openapi.yml
- name: HTTPBearer
  type: http
  scheme: bearer
  sources:
  - openapi/airflow-openapi.yml