Cognite · Authentication Profile

Cognite Authentication

Authentication

Cognite secures its APIs with http, oauth2, and openIdConnect across 4 declared security schemes, as derived from its OpenAPI definitions. OAuth 2.0 is offered via the authorizationCode and clientCredentials flow(s).

Industrial IoTManufacturingIndustrial DataDigital TwinAsset ManagementTime SeriesIndustrial AI
Methods: http, oauth2, openIdConnect Schemes: 4 OAuth flows: authorizationCode, clientCredentials API key in:

Security Schemes

oidc-token http
scheme: bearer
oauth2-client-credentials oauth2
· flows: clientCredentials
oauth2-auth-code oauth2
· flows: authorizationCode
org-oidc-token openIdConnect

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/cognite-data-fusion-api.json, openapi/cognite-data-fusion-api.yaml
summary:
  types:
  - http
  - oauth2
  - openIdConnect
  oauth2_flows:
  - authorizationCode
  - clientCredentials
schemes:
- name: oidc-token
  type: http
  scheme: bearer
  bearerFormat: OpenID Connect or OAuth2 token
  description: Access token issued by the CDF project's configured identity provider. Access
    token must be an OpenID Connect token, and the project must be configured to accept OpenID
    Connect tokens. Use a header key of 'Authorization' with a value of 'Bearer $accesstoken'.
    The token can be obtained through any flow supported by the identity provider.
  sources:
  - openapi/cognite-data-fusion-api.json
  - openapi/cognite-data-fusion-api.yaml
- name: oauth2-client-credentials
  type: oauth2
  flows:
  - flow: clientCredentials
    tokenUrl: https://your-idps.token.url/
    scopes: 1
  description: Access token issued by the CDF project's configured identity provider. Access
    token must be an OpenID Connect token, and the project must be configured to accept OpenID
    Connect tokens. Use a header key of 'Authorization' with a value of 'Bearer $accesstoken'.
    The token can be obtained through any flow supported by the identity provider.
  sources:
  - openapi/cognite-data-fusion-api.json
  - openapi/cognite-data-fusion-api.yaml
- name: oauth2-auth-code
  type: oauth2
  flows:
  - flow: authorizationCode
    authorizationUrl: https://your-idps.authorization.url/
    tokenUrl: https://your-idps.token.url/
    scopes: 1
  description: Access token issued by the CDF project's configured identity provider. Access
    token must be an OpenID Connect token, and the project must be configured to accept OpenID
    Connect tokens. Use a header key of 'Authorization' with a value of 'Bearer $accesstoken'.
    The token can be obtained through any flow supported by the identity provider.
  sources:
  - openapi/cognite-data-fusion-api.json
  - openapi/cognite-data-fusion-api.yaml
- name: org-oidc-token
  type: openIdConnect
  openIdConnectUrl: https://auth.cognite.com/.well-known/openid-configuration
  description: |-
    Access token issued by the Cognite authorization server, and valid for the target organization. The token must
    be an OpenID Connect token, and it can be obtained by performing an OIDC login flow toward `auth.cognite.com`.
    This is a single URL for all CDF organizations.
  sources:
  - openapi/cognite-data-fusion-api.json
  - openapi/cognite-data-fusion-api.yaml