thirdweb · Authentication Profile

Thirdweb Authentication

Authentication

thirdweb secures its APIs with apiKey and http across 4 declared security schemes, as derived from its OpenAPI definitions.

Web3BlockchainWalletsSmart ContractsPaymentsIndexer
Methods: apiKey, http Schemes: 4 OAuth flows: API key in: header

Security Schemes

ClientAuth apiKey
· in: header (x-client-id)
BundleIdAuth apiKey
· in: header (x-bundle-id)
SecretKeyAuth apiKey
· in: header (x-secret-key)
BearerAuth http
scheme: bearer

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/thirdweb-openapi.yml
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - header
schemes:
- name: ClientAuth
  type: apiKey
  in: header
  parameter: x-client-id
  description: Client ID for frontend usage. Web sends x-client-id only; native apps also send
    x-bundle-id.
  sources:
  - openapi/thirdweb-openapi.yml
- name: BundleIdAuth
  type: apiKey
  in: header
  parameter: x-bundle-id
  description: Bundle ID for native (desktop/mobile) platform authentication alongside x-client-id.
  sources:
  - openapi/thirdweb-openapi.yml
- name: SecretKeyAuth
  type: apiKey
  in: header
  parameter: x-secret-key
  description: Secret key for backend usage; never expose publicly.
  sources:
  - openapi/thirdweb-openapi.yml
- name: BearerAuth
  type: http
  scheme: bearer
  bearerFormat: JWT
  description: JWT access token obtained from wallet authentication, for frontend usage.
  sources:
  - openapi/thirdweb-openapi.yml