Octopus Deploy · Authentication Profile

Octopus Deploy Authentication

Authentication

Octopus Deploy secures its APIs with apiKey and oauth2 across 2 declared security schemes, as derived from its OpenAPI definitions. OAuth 2.0 is offered via the clientCredentials flow(s).

DevOpsContinuous DeliveryDeployment AutomationRelease ManagementRunbooksCI/CD
Methods: apiKey, oauth2 Schemes: 2 OAuth flows: clientCredentials API key in: header

Security Schemes

ApiKeyAuth apiKey
· in: header (X-Octopus-ApiKey)
OidcAuth oauth2
· flows: clientCredentials

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/octopus-deploy-openapi.yml
summary:
  types:
  - apiKey
  - oauth2
  api_key_in:
  - header
  oauth2_flows:
  - clientCredentials
schemes:
- name: ApiKeyAuth
  type: apiKey
  in: header
  parameter: X-Octopus-ApiKey
  description: |-
    Preferred authentication mechanism. Generate an API key from
    your Octopus user profile. The key may also be supplied as the
    `apikey` query parameter for simple cases.
  sources:
  - openapi/octopus-deploy-openapi.yml
- name: OidcAuth
  type: oauth2
  flows:
  - flow: clientCredentials
    tokenUrl: https://your-octopus-instance/api/oidc/token
    scopes: 0
  description: |-
    Authenticate by exchanging an OpenID Connect identity token from
    a trusted external system (for example GitHub Actions) for a
    short-lived Octopus access token.
  sources:
  - openapi/octopus-deploy-openapi.yml