VATSIM · Authentication Profile

Vatsim Authentication

Authentication

VATSIM secures its APIs with apiKey and oauth2 across 3 declared security schemes, as derived from its OpenAPI definitions. OAuth 2.0 is offered via the authorizationCode flow(s).

AviationFlight SimulationAir Traffic ControlReal-Time DataCommunity
Methods: apiKey, oauth2 Schemes: 3 OAuth flows: authorizationCode API key in: header

Security Schemes

connect oauth2
· flows: authorizationCode
APIKeyAuth apiKey
· in: header (X-API-Key)
LegacyAuth apiKey
· in: header (Authorization)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/connect.yaml, openapi/core-api.json
summary:
  types:
  - apiKey
  - oauth2
  api_key_in:
  - header
  oauth2_flows:
  - authorizationCode
schemes:
- name: connect
  type: oauth2
  flows:
  - flow: authorizationCode
    authorizationUrl: /oauth/authorize
    tokenUrl: /oauth/token
    scopes: 4
  sources:
  - openapi/connect.yaml
- name: APIKeyAuth
  type: apiKey
  in: header
  parameter: X-API-Key
  description: Preferred method of authentication for APIv2. Use your APIv2 key here.
  sources:
  - openapi/core-api.json
- name: LegacyAuth
  type: apiKey
  in: header
  parameter: Authorization
  description: |-
    Preserved for backwards compatibility with API v1, **not recommended** for new integrations.

    The same API key used in the `X-API-Key` header should be used here, but prefixed with `Token `.
  sources:
  - openapi/core-api.json