Shopware · Authentication Profile

Shopware Authentication

Authentication

Shopware secures its APIs with apiKey and oauth2 across 2 declared security schemes, as derived from its OpenAPI definitions. OAuth 2.0 is offered via the clientCredentials and password flow(s).

E-CommerceOpen SourceHeadless CommerceB2BB2CRESTOAuth2
Methods: apiKey, oauth2 Schemes: 2 OAuth flows: clientCredentials, password API key in: header

Security Schemes

oAuth2 oauth2
· flows: clientCredentials, password
swAccessKey apiKey
· in: header (sw-access-key)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/shopware-admin-api-openapi.yml, openapi/shopware-store-api-openapi.yml
summary:
  types:
  - apiKey
  - oauth2
  api_key_in:
  - header
  oauth2_flows:
  - clientCredentials
  - password
schemes:
- name: oAuth2
  type: oauth2
  flows:
  - flow: clientCredentials
    tokenUrl: /api/oauth/token
    scopes: 1
  - flow: password
    tokenUrl: /api/oauth/token
    scopes: 1
  sources:
  - openapi/shopware-admin-api-openapi.yml
- name: swAccessKey
  type: apiKey
  in: header
  parameter: sw-access-key
  description: Sales channel access key
  sources:
  - openapi/shopware-store-api-openapi.yml