Ghost · Authentication Profile

Ghost Authentication

Authentication

Ghost secures its APIs with apiKey and http across 2 declared security schemes, as derived from its OpenAPI definitions.

PublishingNewslettersMembershipsContentOpen Source
Methods: apiKey, http Schemes: 2 OAuth flows: API key in: query

Security Schemes

adminApiToken http
scheme: bearer
contentApiKey apiKey
· in: query (key)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/ghost-admin-api-openapi.yml, openapi/ghost-content-api-openapi.yml
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - query
schemes:
- name: adminApiToken
  type: http
  scheme: bearer
  bearerFormat: JWT
  description: JSON Web Token generated from an Admin API key. The key is split into an ID and
    secret at the colon separator. The ID is used as the kid header and the secret is used to
    sign the token with HS256.
  sources:
  - openapi/ghost-admin-api-openapi.yml
- name: contentApiKey
  type: apiKey
  in: query
  parameter: key
  description: Content API key obtained from a custom integration in Ghost Admin. Content API
    keys are safe for use in browsers and other insecure environments as they only provide access
    to public data.
  sources:
  - openapi/ghost-content-api-openapi.yml