GOV.UK Notify · Authentication Profile

Gov Uk Notify Authentication

Authentication

GOV.UK Notify secures its APIs with http across 1 declared security scheme, as derived from its OpenAPI definitions.

NotificationsEmailSMSText MessagesLettersGovernmentUnited KingdomPublic SectorGDSREST
Methods: http Schemes: 1 OAuth flows: API key in:

Security Schemes

bearerAuth http
scheme: bearer

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/openapi.yml
summary:
  types:
  - http
schemes:
- name: bearerAuth
  type: http
  scheme: bearer
  bearerFormat: JWT
  description: JWT token signed with HS256 using the service API key secret. Tokens are short-lived
    and must include iss (service ID), iat (issued at), and exp (expiry) claims.
  sources:
  - openapi/openapi.yml