ThingsBoard · Authentication Profile

Thingsboard Authentication

Authentication

ThingsBoard secures its APIs with apiKey and http across 2 declared security schemes, as derived from its OpenAPI definitions.

IoTInternet of ThingsDevice ManagementTelemetryOpen SourceApache 2.0MQTTLwM2MCoAPRule EngineDashboardsEdgeMulti-tenantJavaSpring
Methods: apiKey, http Schemes: 2 OAuth flows: API key in: header

Security Schemes

HTTP login form http
scheme: loginPassword
API key form apiKey
· in: header (X-Authorization)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/thingsboard-admin-openapi.yml, openapi/thingsboard-ai-openapi.yml, openapi/thingsboard-alarms-openapi.yml,
  openapi/thingsboard-assets-openapi.yml, openapi/thingsboard-auth-openapi.yml, openapi/thingsboard-dashboards-openapi.yml,
  openapi/thingsboard-devices-openapi.yml, openapi/thingsboard-edge-openapi.yml, openapi/thingsboard-lwm2m-openapi.yml,
  openapi/thingsboard-mobile-openapi.yml, openapi/thingsboard-notifications-openapi.yml, openapi/thingsboard-rpc-openapi.yml
  ...
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - header
schemes:
- name: HTTP login form
  type: http
  scheme: loginPassword
  bearerFormat: /api/auth/login|X-Authorization
  description: Enter Username / Password
  sources:
  - openapi/thingsboard-admin-openapi.yml
  - openapi/thingsboard-ai-openapi.yml
  - openapi/thingsboard-alarms-openapi.yml
  - openapi/thingsboard-assets-openapi.yml
  - openapi/thingsboard-auth-openapi.yml
  - openapi/thingsboard-dashboards-openapi.yml
  - openapi/thingsboard-devices-openapi.yml
  - openapi/thingsboard-edge-openapi.yml
  - openapi/thingsboard-lwm2m-openapi.yml
  - openapi/thingsboard-mobile-openapi.yml
  - openapi/thingsboard-notifications-openapi.yml
  - openapi/thingsboard-rpc-openapi.yml
  - openapi/thingsboard-rule-engine-openapi.yml
  - openapi/thingsboard-telemetry-openapi.yml
  - openapi/thingsboard-tenants-openapi.yml
- name: API key form
  type: apiKey
  in: header
  parameter: X-Authorization
  description: |-
    Enter the API key value with 'ApiKey' prefix in format: **ApiKey <your_api_key_value>**

    Example: **ApiKey tb_5te51SkLRYpjGrujUGwqkjFvooWBlQpVe2An2Dr3w13wjfxDW**

    <br>**NOTE**: Use only ONE authentication method at a time. If both are authorized, JWT auth takes the priority.<br>
  sources:
  - openapi/thingsboard-admin-openapi.yml
  - openapi/thingsboard-ai-openapi.yml
  - openapi/thingsboard-alarms-openapi.yml
  - openapi/thingsboard-assets-openapi.yml
  - openapi/thingsboard-auth-openapi.yml
  - openapi/thingsboard-dashboards-openapi.yml
  - openapi/thingsboard-devices-openapi.yml
  - openapi/thingsboard-edge-openapi.yml
  - openapi/thingsboard-lwm2m-openapi.yml
  - openapi/thingsboard-mobile-openapi.yml
  - openapi/thingsboard-notifications-openapi.yml
  - openapi/thingsboard-rpc-openapi.yml
  - openapi/thingsboard-rule-engine-openapi.yml
  - openapi/thingsboard-telemetry-openapi.yml
  - openapi/thingsboard-tenants-openapi.yml