Gitea · Authentication Profile

Gitea Authentication

Authentication

Gitea secures its APIs with apiKey and http across 7 declared security schemes, as derived from its OpenAPI definitions.

GitSource ControlDevOpsCI/CDCode HostingOpen SourceSelf HostedPackage RegistryIssue TrackingPull Requests
Methods: apiKey, http Schemes: 7 OAuth flows: API key in: header, query

Security Schemes

AccessToken apiKey
· in: query (access_token)
AuthorizationHeaderToken apiKey
· in: header (Authorization)
BasicAuth http
scheme: basic
SudoHeader apiKey
· in: header (Sudo)
SudoParam apiKey
· in: query (sudo)
TOTPHeader apiKey
· in: header (X-GITEA-OTP)
Token apiKey
· in: query (token)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/gitea-rest-api-openapi-original.yml, openapi/gitea-rest-api-openapi.yml
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - header
  - query
schemes:
- name: AccessToken
  type: apiKey
  in: query
  parameter: access_token
  description: This authentication option is deprecated for removal in Gitea 1.23. Please use
    AuthorizationHeaderToken instead.
  sources:
  - openapi/gitea-rest-api-openapi-original.yml
  - openapi/gitea-rest-api-openapi.yml
- name: AuthorizationHeaderToken
  type: apiKey
  in: header
  parameter: Authorization
  description: API tokens must be prepended with "token" followed by a space.
  sources:
  - openapi/gitea-rest-api-openapi-original.yml
  - openapi/gitea-rest-api-openapi.yml
- name: BasicAuth
  type: http
  scheme: basic
  sources:
  - openapi/gitea-rest-api-openapi-original.yml
  - openapi/gitea-rest-api-openapi.yml
- name: SudoHeader
  type: apiKey
  in: header
  parameter: Sudo
  description: Sudo API request as the user provided as the key. Admin privileges are required.
  sources:
  - openapi/gitea-rest-api-openapi-original.yml
  - openapi/gitea-rest-api-openapi.yml
- name: SudoParam
  type: apiKey
  in: query
  parameter: sudo
  description: Sudo API request as the user provided as the key. Admin privileges are required.
  sources:
  - openapi/gitea-rest-api-openapi-original.yml
  - openapi/gitea-rest-api-openapi.yml
- name: TOTPHeader
  type: apiKey
  in: header
  parameter: X-GITEA-OTP
  description: Must be used in combination with BasicAuth if two-factor authentication is enabled.
  sources:
  - openapi/gitea-rest-api-openapi-original.yml
  - openapi/gitea-rest-api-openapi.yml
- name: Token
  type: apiKey
  in: query
  parameter: token
  description: This authentication option is deprecated for removal in Gitea 1.23. Please use
    AuthorizationHeaderToken instead.
  sources:
  - openapi/gitea-rest-api-openapi-original.yml
  - openapi/gitea-rest-api-openapi.yml