Backstage · Authentication Profile

Backstage Authentication

Authentication

Backstage secures its APIs with apiKey and http across 2 declared security schemes, as derived from its OpenAPI definitions.

Developer PortalInternal Developer PlatformSoftware CatalogOpen Source
Methods: apiKey, http Schemes: 2 OAuth flows: API key in: cookie

Security Schemes

cookieAuth apiKey
· in: cookie (backstage-auth)
bearerAuth http
scheme: bearer

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/backstage-auth-openapi.yml, openapi/backstage-catalog-openapi.yml, openapi/backstage-permissions-openapi.yml,
  openapi/backstage-scaffolder-openapi.yml, openapi/backstage-search-openapi.yml, openapi/backstage-techdocs-openapi.yml
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - cookie
schemes:
- name: cookieAuth
  type: apiKey
  in: cookie
  parameter: backstage-auth
  sources:
  - openapi/backstage-auth-openapi.yml
- name: bearerAuth
  type: http
  scheme: bearer
  bearerFormat: JWT
  sources:
  - openapi/backstage-auth-openapi.yml
  - openapi/backstage-catalog-openapi.yml
  - openapi/backstage-permissions-openapi.yml
  - openapi/backstage-scaffolder-openapi.yml
  - openapi/backstage-search-openapi.yml
  - openapi/backstage-techdocs-openapi.yml