Coupa · Authentication Profile

Coupa Authentication

Authentication

Coupa secures its APIs with apiKey and oauth2 across 2 declared security schemes, as derived from its OpenAPI definitions. OAuth 2.0 is offered via the clientCredentials flow(s).

BSMBusiness Spend ManagementCloud PlatformEnterpriseFinancial ManagementInvoicingProcurementSupply Chain
Methods: apiKey, oauth2 Schemes: 2 OAuth flows: clientCredentials API key in: header

Security Schemes

oauth2 oauth2
· flows: clientCredentials
apiKey apiKey
· in: header (X-COUPA-API-KEY)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/coupa-core-api-openapi.yml
summary:
  types:
  - apiKey
  - oauth2
  api_key_in:
  - header
  oauth2_flows:
  - clientCredentials
schemes:
- name: oauth2
  type: oauth2
  flows:
  - flow: clientCredentials
    tokenUrl: https://{instance}.coupahost.com/oauth2/token
    scopes: 8
  description: OAuth 2.0 authentication. Coupa supports the client_credentials grant type. Obtain
    client credentials from Coupa instance setup.
  sources:
  - openapi/coupa-core-api-openapi.yml
- name: apiKey
  type: apiKey
  in: header
  parameter: X-COUPA-API-KEY
  description: Legacy API key authentication. Coupa recommends migrating to OAuth 2.0. API keys
    are configured per Coupa instance.
  sources:
  - openapi/coupa-core-api-openapi.yml