generated: '2026-07-11' method: derived source: openapi/airflow-openapi.yml docs: https://airflow.apache.org/docs/apache-airflow/stable/security/api.html note: Apache Airflow does not publish OAuth scopes; the REST API authenticates with JWT tokens from POST /auth/token and authorization is handled by the configured auth manager's roles and permissions rather than OAuth scopes (see https://airflow.apache.org/docs/apache-airflow/stable/security/api.html). schemes: - name: OAuth2PasswordBearer source: openapi/airflow-openapi.yml flows: - flow: password tokenUrl: /auth/token description: To authenticate Airflow API requests, clients must include a JWT (JSON Web Token) in the Authorization header of each request. This token is used to verify the identity of the client and ensure that they have the appropriate permissions to access the requested resources. You can use the endpoint ``POST /auth/token`` in order to generate a JWT token. Upon successful authentication, the server will issue a JWT token that contains the necessary information (such as user identity and scope) to authenticate subsequent requests. To learn more about Airflow public API authentication, please read https://airflow.apache.org/docs/apache-airflow/stable/security/api.html. scopes: []