Authentication overview
Mintlify provides various authentication mechanisms to secure access to documentation projects, manage content, and integrate with external services. These methods ensure that only authorized users and systems can publish, update, or retrieve documentation assets. The primary approaches involve API keys for programmatic access and GitHub OAuth for user and repository-level integrations (see the Mintlify security documentation). Effective authentication is foundational for maintaining data integrity and confidentiality within documentation workflows.
The system is designed to support different operational needs, from individual developers managing a single project to larger teams requiring granular access controls and audit trails. Understanding the specific use cases for each authentication method helps in implementing a secure and efficient documentation environment.
Supported authentication methods
Mintlify supports two main authentication methods to address different interaction models: API keys for automated processes and GitHub OAuth for user-driven interactions and repository linking. These methods are tailored to the platform's focus on developer documentation and integration with version control systems.
API Keys
API keys are long, unique strings used to authenticate applications or services when making programmatic requests to the Mintlify API. They are suitable for automated tasks, such as continuous integration/continuous deployment (CI/CD) pipelines publishing documentation updates, or custom scripts interacting with Mintlify programmatically. API keys typically grant access to specific actions or resources, depending on their scope and permissions configured during creation. Users can generate and manage API keys directly from their Mintlify dashboard (see the Mintlify API key management guide).
GitHub OAuth
GitHub OAuth (Open Authorization) is used to authenticate users and link Mintlify projects with GitHub repositories. This method allows Mintlify to perform actions on behalf of a user, such as reading repository data or committing documentation changes, without requiring the user's GitHub username and password. GitHub OAuth is fundamental for features like automatic publishing on repository pushes and managing documentation directly from source control. It leverages GitHub's robust authentication infrastructure (see the GitHub OAuth authorization flow), simplifying user access and integration.
The following table summarizes Mintlify's supported authentication methods:
| Method | When to Use | Security Level |
|---|---|---|
| API Key | Automated processes, CI/CD pipelines, programmatic access to Mintlify API. | High (if managed securely, scope-based permissions) |
| GitHub OAuth | User login, linking GitHub repositories, syncing documentation with source control. | High (leverages GitHub's security for user authentication) |
Getting your credentials
Accessing Mintlify's features requires obtaining the appropriate credentials based on your intended use case. For programmatic interactions, you'll need an API key. For linking your documentation project to a GitHub repository or logging into the Mintlify platform, you'll use GitHub's OAuth flow.
Generating an API Key
- Log In: Access your Mintlify dashboard at Mintlify's official documentation portal.
- Navigate to Settings: Go to your project or organization settings. The exact path may vary, but typically involves a 'Settings' or 'API Keys' section.
- Create New Key: Look for an option to 'Generate New API Key' or 'Create Token'.
- Define Scope (if applicable): Some platforms allow defining the scope or permissions for the API key. While Mintlify's API keys are generally tied to a project, ensure you understand any options presented for limiting its capabilities.
- Copy Key: Once generated, the API key will be displayed. Copy it immediately and store it securely, as it typically won't be retrievable again after leaving the page.
Authenticating with GitHub OAuth
- Initiate Link: When setting up a new Mintlify project or linking an existing one to a GitHub repository, Mintlify will prompt you to connect to GitHub.
- Authorize Application: You will be redirected to GitHub's authorization page. Review the permissions Mintlify requests (e.g., access to public repositories, write access for documentation updates).
- Grant Access: Click 'Authorize' to grant Mintlify the necessary permissions. You might need to enter your GitHub credentials if not already logged in.
- Redirection: After successful authorization, GitHub will redirect you back to Mintlify, confirming the connection.
Authenticated request example
While Mintlify primarily operates through its CLI and GitHub integrations rather than a public REST API for content manipulation, the concept of authentication applies to its internal operations. For instance, when using the Mintlify CLI to publish your documentation, your local environment must be authenticated. This often involves logging in via the CLI, which then handles the underlying authentication tokens. For direct API usage, if available for enterprise plans or specific features, an API key would be used in a header.
Here's a conceptual example of how an API key might be used in an HTTP header if Mintlify exposed a direct content API for publishing (this is illustrative, as Mintlify primarily uses its CLI for publishing):
```bash
curl -X POST \
  https://api.mintlify.com/v1/publish/my-docs-project \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_MINTLIFY_API_KEY" \
  -d '{"version": "1.0.0", "content_hash": "a1b2c3d4e5f6"}'
```
In practice, developers typically use the Mintlify CLI to publish documentation, which abstracts away the direct API request authentication details:
```bash
mintlify publish
```
The `mintlify publish` command would implicitly authenticate using credentials configured in your local environment, often established during the initial `mintlify login` process, which may involve GitHub OAuth or a similar token-based mechanism. For detailed command-line instructions, consult the Mintlify CLI documentation.
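The conceptual curl request above puts the key on the command line, where it is visible in the process list and shell history. The following is an added example, not Mintlify's own code: it reads the key from an environment variable, refuses to run with a missing or placeholder key, and hands the header to curl on stdin. The variable name `MINTLIFY_API_KEY`, the function names, and the endpoint (the page's illustrative one) are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: the CI secret store injects the key as
# MINTLIFY_API_KEY; endpoint and payload are the page's illustrative request.

# Fail closed when the key is missing, still the placeholder, or malformed.
require_api_key() {
  if [ -z "${MINTLIFY_API_KEY:-}" ]; then
    echo "MINTLIFY_API_KEY is not set" >&2; return 1
  fi
  if [ "$MINTLIFY_API_KEY" = "YOUR_MINTLIFY_API_KEY" ]; then
    echo "MINTLIFY_API_KEY still holds the documentation placeholder" >&2; return 1
  fi
  case "$MINTLIFY_API_KEY" in
    *[[:space:]]*|*\"*|*\\*)
      echo "MINTLIFY_API_KEY contains whitespace, quotes or backslashes" >&2; return 1 ;;
  esac
  return 0
}

# Build a curl config line carrying the header. printf is a shell builtin,
# so the key never appears in another process's argument list.
curl_auth_config() {
  printf 'header = "Authorization: Bearer %s"\n' "$MINTLIFY_API_KEY"
}

# Replace every literal occurrence of the key in text headed for logs.
redact() {
  printf '%s\n' "$1" | KEY=$MINTLIFY_API_KEY awk '{
    k = ENVIRON["KEY"]; out = ""
    while (k != "" && (i = index($0, k)) > 0) {
      out = out substr($0, 1, i - 1) "[REDACTED]"
      $0 = substr($0, i + length(k))
    }
    print out $0
  }'
}

# publish PROJECT: send the illustrative request; curl reads the header
# from stdin (--config -) instead of from its command line.
publish() {
  require_api_key || return 1
  curl_auth_config | curl --silent --show-error --fail --config - \
    -X POST "https://api.mintlify.com/v1/publish/$1" \
    -H "Content-Type: application/json" \
    -d '{"version": "1.0.0", "content_hash": "a1b2c3d4e5f6"}'
}
```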
Security best practices
Implementing strong security practices is essential when managing authentication credentials for any platform, including Mintlify. These practices help protect your documentation projects from unauthorized access and potential data breaches.
API Key Management
- Least Privilege: Grant API keys only the minimum necessary permissions required for their intended function. Avoid using keys with broad administrative access for automated tasks.
- Regular Rotation: Periodically rotate your API keys, ideally every 90 days or sooner, to minimize the window of opportunity for a compromised key to be exploited.
- Secure Storage: Never hardcode API keys directly into your source code. Use environment variables, secure configuration management tools, or secret management services (e.g., AWS Secrets Manager, Google Cloud Secret Manager, Azure Key Vault) to store and retrieve them securely (see the Google Cloud Secret Manager overview).
- Deletion: Immediately revoke or delete API keys that are no longer in use, have been compromised, or belong to departed team members.
- Monitoring: Monitor API key usage for unusual activity that might indicate a compromise.
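One way to enforce the "never hardcode" rule is a repository check that runs before commit or in CI. This is an added example, not part of Mintlify's tooling: it flags `Authorization: Bearer` headers and `API_KEY` assignments that carry a literal token, while allowing variable references and `YOUR_...` placeholders. The function names, the 16-character minimum token length, and the sample files are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example. The token shape (16+ URL-safe characters) is an assumption;
# tighten it to your real key format if that format is documented.
TOKEN='[A-Za-z0-9._~+/=-]{16,}'
Q="[\"']?"

# scan_hardcoded_keys DIR: print file:line for each literal credential.
# Returns 1 when anything is found so a CI job or pre-commit hook can fail.
scan_hardcoded_keys() {
  findings=$(grep -rnE --exclude-dir=.git \
      -e "Authorization:[[:space:]]*Bearer[[:space:]]+${TOKEN}" \
      -e "API_KEY${Q}[[:space:]]*[:=][[:space:]]*${Q}${TOKEN}" "$1" \
    | grep -vE 'YOUR_[A-Z_]+' \
    | cut -d: -f1,2)
  # '$VAR' references never match: '$' is not in the token character class.
  # Lines holding a YOUR_... documentation placeholder are skipped.
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Build a throwaway directory of constructed sample files for the demo.
make_sample_repo() {
  dir=$(mktemp -d)
  printf '%s\n' 'curl -H "Authorization: Bearer $MINTLIFY_API_KEY" "$URL"' \
    > "$dir/good.sh"
  printf '%s\n' '# docs' 'curl -H "Authorization: Bearer YOUR_MINTLIFY_API_KEY"' \
    > "$dir/README.md"
  printf '%s\n' '#!/bin/sh' \
    'curl -H "Authorization: Bearer mk_constructed_0123456789abcdef"' \
    > "$dir/bad.sh"
  printf '%s\n' 'MINTLIFY_API_KEY=mk_constructed_0123456789abcdef' > "$dir/.env"
  printf '%s\n' "$dir"
}

# Demo on the constructed files: reports bad.sh line 2 and .env line 1.
sample=$(make_sample_repo)
scan_hardcoded_keys "$sample" || echo "hardcoded credentials found" >&2
rm -rf "$sample"
```

Run it against the working tree in a pre-commit hook and against the full checkout in CI; a pattern check like this complements, but does not replace, a secret manager.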
GitHub OAuth Security
- Review Permissions: Always carefully review the permissions Mintlify requests during the GitHub OAuth authorization flow. Grant only the necessary access.
- Regular Audits: Periodically review the list of authorized OAuth applications in your GitHub account settings and revoke access for any applications you no longer use or trust.
- Strong GitHub Security: Ensure your GitHub account is secured with strong, unique passwords and Multi-Factor Authentication (MFA) to prevent unauthorized access to linked applications.
General Authentication Security
- Multi-Factor Authentication (MFA): Enable MFA on your Mintlify account and linked GitHub accounts whenever possible. This adds an extra layer of security beyond just a password.
- Access Control: Implement role-based access control (RBAC) within your Mintlify organization to ensure team members only have access to the projects and features relevant to their roles.
- Audit Logs: Regularly review audit logs provided by Mintlify (if available) to detect and investigate any suspicious authentication attempts or actions.
- Secure Development Practices: Follow secure coding practices in any scripts or applications that interact with Mintlify to prevent vulnerabilities like injection attacks or credential exposure.