pfSense · Authentication Profile

Pfsense Authentication

Authentication

pfSense secures its APIs with apiKey and http across 3 declared security schemes, as derived from its OpenAPI definitions.

FirewallNetwork SecurityRouterVPNOpen SourceFreeBSDNetgate
Methods: apiKey, http Schemes: 3 OAuth flows: API key in: header

Security Schemes

basicAuth http
scheme: basic
apiKeyAuth apiKey
· in: header (X-API-Key)
bearerAuth http
scheme: bearer

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/pfsense-openapi.yml
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - header
schemes:
- name: basicAuth
  type: http
  scheme: basic
  description: HTTP Basic auth with a pfSense local database username and password.
  sources:
  - openapi/pfsense-openapi.yml
- name: apiKeyAuth
  type: apiKey
  in: header
  parameter: X-API-Key
  description: |-
    API key generated through the webConfigurator or API endpoints. Keys
    inherit the permissions of the user that issued them.
  sources:
  - openapi/pfsense-openapi.yml
- name: bearerAuth
  type: http
  scheme: bearer
  bearerFormat: JWT
  description: |-
    JWT bearer token obtained from POST /api/v2/auth/jwt. Tokens default
    to one hour of validity.
  sources:
  - openapi/pfsense-openapi.yml