GitLab · Authentication Profile

Gitlab Authentication

Authentication

GitLab secures its APIs with apiKey and http across 3 declared security schemes, as derived from its OpenAPI definitions.

CodePlatformSoftware DevelopmentSource Control
Methods: apiKey, http Schemes: 3 OAuth flows: API key in: header

Security Schemes

oauthToken http
scheme: bearer
ApiKeyAuth apiKey
· in: header (Private-Token)
privateToken apiKey
· in: header (PRIVATE-TOKEN)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/gitlab-oauth2-openapi.yml, openapi/gitlab-openapi-original.yml, openapi/gitlab-webhooks-openapi.yml
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - header
schemes:
- name: oauthToken
  type: http
  scheme: bearer
  description: OAuth 2.0 access token obtained via the authorization flow.
  sources:
  - openapi/gitlab-oauth2-openapi.yml
  - openapi/gitlab-webhooks-openapi.yml
- name: ApiKeyAuth
  type: apiKey
  in: header
  parameter: Private-Token
  sources:
  - openapi/gitlab-openapi-original.yml
- name: privateToken
  type: apiKey
  in: header
  parameter: PRIVATE-TOKEN
  description: GitLab personal access token or project access token.
  sources:
  - openapi/gitlab-webhooks-openapi.yml