Xata · Authentication Profile

Xata Authentication

Authentication

Xata secures its APIs with apiKey, oauth2, and openIdConnect across 4 declared security schemes, as derived from its OpenAPI definitions. OAuth 2.0 is offered via the implicit flow(s).

DatabasePostgresServerlessDeveloper ToolsBranchingAI Agent
Methods: apiKey, oauth2, openIdConnect Schemes: 4 OAuth flows: implicit API key in: header

Security Schemes

oidc openIdConnect
apiKey apiKey
· in: header (Authorization)
xata oauth2
· flows: implicit
branchConnectionString apiKey
· in: header (Connection-String)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/xata-management-api-openapi.yml
summary:
  types:
  - apiKey
  - oauth2
  - openIdConnect
  api_key_in:
  - header
  oauth2_flows:
  - implicit
schemes:
- name: oidc
  type: openIdConnect
  openIdConnectUrl: https://auth.xata.io/realms/xata/.well-known/openid-configuration
  sources:
  - openapi/xata-management-api-openapi.yml
- name: apiKey
  type: apiKey
  in: header
  parameter: Authorization
  description: 'API key authentication using Bearer token format: Bearer <api_key>'
  sources:
  - openapi/xata-management-api-openapi.yml
- name: xata
  type: oauth2
  flows:
  - flow: implicit
    authorizationUrl: https://auth.xata.io/realms/xata/protocol/openid-connect/auth
    scopes: 13
  sources:
  - openapi/xata-management-api-openapi.yml
- name: branchConnectionString
  type: apiKey
  in: header
  parameter: Connection-String
  description: Branch PostgreSQL connection string (`postgres://user:pass@{branch}.{region}.xata.tech/db`),
    including the embedded password. The hostname selects the target branch, region, and endpoint
    type (the `-rw`/`-ro` suffix, see `EndpointType`), and must match the request host. Obtain
    it from the Xata dashboard or the control-plane API. This is the only credential the gateway
    accepts; the control-plane AP
  sources:
  - openapi/xata-management-api-openapi.yml