Moovit · Authentication Profile

Moovit Authentication

Authentication

Moovit secures its APIs with apiKey across 2 declared security schemes, as derived from its OpenAPI definitions.

TransitPublic TransitMobilityMobility As A ServiceMaaSTrip PlanningMultimodal RoutingReal TimeGTFSGTFS RealtimeService AlertsSmart CitiesTransportationMobileyeIntel
Methods: apiKey Schemes: 2 OAuth flows: API key in: header

Security Schemes

hmacAuth apiKey
· in: header (Authorization)
apiKey apiKey
· in: header (API_KEY)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/moovit-public-transit-api-openapi.yml
summary:
  types:
  - apiKey
  api_key_in:
  - header
schemes:
- name: hmacAuth
  type: apiKey
  in: header
  parameter: Authorization
  description: HMAC-SHA256 signature in the form `hmacauth <signature>:<nonce>:<timestamp>`
    over `<timestamp>:<payload>:<nonce>` using the API secret key.
  sources:
  - openapi/moovit-public-transit-api-openapi.yml
- name: apiKey
  type: apiKey
  in: header
  parameter: API_KEY
  description: Public API key issued by Moovit. Required on every request.
  sources:
  - openapi/moovit-public-transit-api-openapi.yml