Skip to content

API Key Authentication (≥v5.2.0)

Jump to bottom
Tom Piccirello edited this page Oct 15, 2025 · 3 revisions

Note

API key authentication is available starting from qBittorrent v5.2.0 or WebAPI v2.14.1

Introduction

You can authenticate to the qBittorrent WebAPI using an API key. This allows for stateless authentication without the use of cookies.

Currently, only a single API key is supported. This key can be rotated, which will immediately invalidate the previous key.

Format

API keys are 32 characters long. They start with the prefix qbt_ followed by 28 random alphanumeric characters. Each key is generated with 160 bits of entropy.

Usage

Specify the key in the Authorization header using a scheme of Bearer. For example: Authorization: Bearer <API_KEY>.

Generate

To generate an API key:

  1. Open qBittorrent Preferences
  2. Click on WebUI
  3. Navigate to the API Key section
  4. Click on the Generate icon.

Screenshot 2025-10-11 at 12 54 45

Limitations

API keys cannot be used to fetch the WebUI or other static assets. They also cannot interact with the WebAPI's auth endpoints, including login and logout.

Go back to home

General

Troubleshooting

External programs

Search plugins

Themes

Translation

WebUI

WebUI API

State Version
Current qBittorrent >= 5.0
Previous qBittorrent v4.1.0 - v4.6.x
Previous qBittorrent v3.2.0 - v4.0.x
Obsolete qBittorrent < v3.2.0

Authentication

WebAPI clients

Alternate WebUI

Reverse proxy setup for WebUI access

WebUI HTTPS configuration

Linux

Development

Compilation

Common information for CMake

*BSD, Linux

macOS

Windows

Obsolete compilation guides

Clone this wiki locally