Saleor · Authentication Profile

Saleor Authentication

Authentication

Saleor secures its APIs with apiKey and http across 2 declared security schemes, as derived from its OpenAPI definitions.

CommerceHeadlesseCommerceGraphQLOpen SourcePythonTypeScript
Methods: apiKey, http Schemes: 2 OAuth flows: API key in: header

Security Schemes

bearerAuth http
scheme: bearer
appToken apiKey
· in: header (Authorization)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/saleor-openapi.yml
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - header
schemes:
- name: bearerAuth
  type: http
  scheme: bearer
  bearerFormat: JWT
  description: User or app JWT issued by Saleor authentication mutations.
  sources:
  - openapi/saleor-openapi.yml
- name: appToken
  type: apiKey
  in: header
  parameter: Authorization
  description: |-
    Saleor App auth token, sent as `Authorization: Bearer <token>` and
    scoped to the installed app's permissions.
  sources:
  - openapi/saleor-openapi.yml