Passbolt · Authentication Profile

Passbolt Authentication

Authentication

Passbolt secures its APIs with apiKey and http across 2 declared security schemes, as derived from its OpenAPI definitions.

Password ManagerSecuritySecretsIdentity
Methods: apiKey, http Schemes: 2 OAuth flows: API key in: cookie

Security Schemes

bearerHttpAuthentication http
scheme: Bearer
gpgCookieAuthentication apiKey
· in: cookie (passbolt_session)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/passbolt-openapi.yaml
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - cookie
schemes:
- name: bearerHttpAuthentication
  type: http
  scheme: Bearer
  bearerFormat: JWT
  description: Bearer token using a JWT
  sources:
  - openapi/passbolt-openapi.yaml
- name: gpgCookieAuthentication
  type: apiKey
  in: cookie
  parameter: passbolt_session
  description: Session-based authentication. Note that a CSRF token needs to be provided through
    a header named `X-CSRF-Token`.
  sources:
  - openapi/passbolt-openapi.yaml