fly-io · Authentication Profile

Fly Io Authentication

Authentication

fly-io secures its APIs with apiKey and http across 2 declared security schemes, as derived from its OpenAPI definitions.

Methods: apiKey, http Schemes: 2 OAuth flows: API key in: header

Security Schemes

flySharedSecret http
scheme: bearer
webhookHmac apiKey
· in: header (X-Fly-Signature)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/fly-io-extensions-api-openapi.yml, openapi/fly-io-machines-api-openapi.yml
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - header
schemes:
- name: flySharedSecret
  type: http
  scheme: bearer
  description: Shared secret provided by Fly.io to the extension provider. Fly.io includes this
    secret in an Authorization Bearer header on all requests to the provider's API for verification.
  sources:
  - openapi/fly-io-extensions-api-openapi.yml
  - openapi/fly-io-machines-api-openapi.yml
- name: webhookHmac
  type: apiKey
  in: header
  parameter: X-Fly-Signature
  description: HMAC-SHA256 signature of the raw request body, computed using the webhook signing
    secret. Recipients must verify this signature before processing the payload.
  sources:
  - openapi/fly-io-extensions-api-openapi.yml