Authentication#

API version: v2

The v2 API supports two credential types. Both use the Authorization: Bearer <token> header.

Personal access tokens#

Create a token at dolthub.com/settings/tokens. Copy it immediately — it is shown only once.

Include the token on every request that requires authentication:

curl https://www.dolthub.com/api/v2/user \
  -H 'Authorization: Bearer dh_YOUR_TOKEN_HERE'

Tokens have no built-in expiry but can be revoked from the settings page at any time.

OAuth 2.0#

The v2 API also accepts OAuth 2.0 access tokens using the authorization-code flow:

  • Authorization URL: https://www.dolthub.com/oauth/authorize
  • Token URL: https://www.dolthub.com/oauth/token

Scope definitions are listed in the spec. If you are building a third-party integration that acts on behalf of a user, OAuth is the recommended approach.

Which endpoints require authentication#

Most write operations and all operations on private databases require authentication. Public databases can be read (SQL queries, list branches, etc.) without a token.

Endpoints that require authentication will return 401 Unauthorized if no valid credential is supplied, and 403 Forbidden if the credential is valid but lacks permission.

See Models → Problem for the error response format.