Ory · Authentication Profile

Ory Authentication

Authentication

Ory secures its APIs with apiKey, http, and oauth2 across 4 declared security schemes, as derived from its OpenAPI definitions. OAuth 2.0 is offered via the authorizationCode flow(s).

AuthenticationAuthorizationIdentityOAuth2OpenID ConnectOpen Source
Methods: apiKey, http, oauth2 Schemes: 4 OAuth flows: authorizationCode API key in: header

Security Schemes

basic http
scheme: basic
bearer http
scheme: bearer
oauth2 oauth2
· flows: authorizationCode
oryAccessToken apiKey
· in: header (Authorization)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/ory-hydra-openapi.json, openapi/ory-kratos-openapi.json
summary:
  types:
  - apiKey
  - http
  - oauth2
  api_key_in:
  - header
  oauth2_flows:
  - authorizationCode
schemes:
- name: basic
  type: http
  scheme: basic
  sources:
  - openapi/ory-hydra-openapi.json
- name: bearer
  type: http
  scheme: bearer
  sources:
  - openapi/ory-hydra-openapi.json
- name: oauth2
  type: oauth2
  flows:
  - flow: authorizationCode
    authorizationUrl: https://hydra.demo.ory.sh/oauth2/auth
    tokenUrl: https://hydra.demo.ory.sh/oauth2/token
    scopes: 3
  sources:
  - openapi/ory-hydra-openapi.json
- name: oryAccessToken
  type: apiKey
  in: header
  parameter: Authorization
  sources:
  - openapi/ory-kratos-openapi.json