Vendure · Authentication Profile

Vendure Authentication

Authentication

Vendure secures its APIs with apiKey and http across 3 declared security schemes, as derived from its OpenAPI definitions.

CommerceHeadless CommerceeCommerceGraphQLOpen SourceTypeScriptNestJSB2BB2CStorefrontPlugins
Methods: apiKey, http Schemes: 3 OAuth flows: API key in: cookie, header

Security Schemes

BearerAuth http
scheme: bearer
CookieAuth apiKey
· in: cookie (session)
ChannelToken apiKey
· in: header (vendure-token)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/vendure-admin-api-openapi.yml, openapi/vendure-shop-api-openapi.yml
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - cookie
  - header
schemes:
- name: BearerAuth
  type: http
  scheme: bearer
  bearerFormat: JWT
  sources:
  - openapi/vendure-admin-api-openapi.yml
  - openapi/vendure-shop-api-openapi.yml
- name: CookieAuth
  type: apiKey
  in: cookie
  parameter: session
  sources:
  - openapi/vendure-admin-api-openapi.yml
  - openapi/vendure-shop-api-openapi.yml
- name: ChannelToken
  type: apiKey
  in: header
  parameter: vendure-token
  sources:
  - openapi/vendure-admin-api-openapi.yml
  - openapi/vendure-shop-api-openapi.yml