Hub API
The Hub API lets you manage workspaces, projects, files, folders, versions, and members in Camunda Hub programmatically.
Authentication
All endpoints require a valid JWT bearer token. Obtain a token from your identity provider:
- SaaS — create API client credentials in the Camunda Console and exchange them for a token via the OAuth 2.0 client-credentials flow.
- Self-Managed — authenticate against your configured OIDC provider (Keycloak, Entra ID, or another OpenID Connect-compatible IdP).
Include the token in every request:
Authorization: Bearer <your-token>
Errors
Error responses use the RFC 9457 Problem Detail format with
Content-Type: application/problem+json. See the ProblemDetail schema
for the standard fields.
Pagination
Search endpoints accept a page object with from (offset) and limit
to control result windowing. Responses include a page object with
totalItems.
Rate limits
The Hub API does not currently enforce per-client rate limits. Clients should implement reasonable back-off and retry strategies to handle transient errors (HTTP 429 or 503).
V1 deprecation
The V1 API (/api/v1/) is deprecated as of 8.10 and will be removed in
8.12. Migrate to V2 at your earliest convenience — see the
migration guide
for details.
Authentication
- HTTP: Bearer Auth
A JWT access token obtained from your identity provider. For SaaS, use the OAuth 2.0 client-credentials flow with the client ID and secret created in Camunda Console. For Self-Managed, authenticate via your configured OIDC provider (e.g., Keycloak, Entra ID).
| Security Scheme Type: | http |
|---|---|
| HTTP Authorization Scheme: | bearer |
| Bearer format: | JWT |
License
Camunda License 1.0