API Key Authentication (≥v5.2.0)

Tom Piccirello edited this page 2025-12-18 22:01:23 -08:00

Table of Contents

• Introduction
• Format
• Usage
• Generate
• Limitations

Note

API key authentication is available starting from qBittorrent v5.2.0 or WebAPI v2.14.1

Introduction

You can authenticate to the qBittorrent WebAPI using an API key. This allows for stateless authentication without the use of cookies.

Currently, only a single API key is supported. This key can be rotated, which will immediately invalidate the previous key.

Format

API keys are 32 characters long. They start with the prefix qbt_ followed by 28 random alphanumeric characters. Each key is generated with 160 bits of entropy.

Usage

Specify the key in the Authorization header using a scheme of Bearer. For example: Authorization: Bearer <API_KEY>.

Generate

To generate an API key:

1. Open qBittorrent Preferences
2. Click on WebUI
3. Navigate to the API Key section
4. Click on the Generate icon.

Limitations

API keys cannot be used to fetch the WebUI or other static assets. They also cannot interact with the WebAPI's auth endpoints, including login and logout.

General

• Installing qBittorrent
• Frequently Asked Questions (FAQ)
• qBittorrent options (current and deprecated)
• How to use qBittorrent as a tracker
• How to use portable mode
• Anonymous mode
• How to bind your vpn to prevent ip leaks

Troubleshooting

• qBittorrent support forum
• I forgot my GUI lock password
• I forgot my WebUI password
• Speed issues

External programs

• How-to
• savecategory

Search plugins

• List of unofficial search plugins

Themes

• Developing custom UI themes
• How to use custom UI themes
• List of unofficial themes

Translation

• How to translate qBittorrent

---

WebUI

WebUI API

State	Version
Current	qBittorrent >= 5.0
Previous	qBittorrent v4.1.0 - v4.6.x
Previous	qBittorrent v3.2.0 - v4.0.x
Obsolete	qBittorrent < v3.2.0

WebAPI clients

• List of unofficial WebAPI clients

Alternate WebUI

• Alternate WebUI usage
• Developing alternate WebUIs
• List of unofficial alternate WebUIs

Reverse proxy setup for WebUI access

• NGINX
• Microsoft IIS ARR
• Traefik

WebUI HTTPS configuration

• Let's Encrypt Certificates + Caddy2 Reverse Proxy
• Let's Encrypt certificates + NGINX reverse proxy - Linux
• Let's Encrypt certificates - Linux
• Self-signed SSL certificates - Linux

---

Linux

• Running qBittorrent without X server (WebUI only)
• Running qBittorrent without X server (WebUI only, systemd service set up, Ubuntu 15.04 or newer)
• OpenVPN and qBittorrent without X server

---

Development

• Coding style
• Contributing
• How to write a search plugin
• Using VSCode for qBittorrent development
• Setup GDB with Qt pretty printers
• How to debug WebUI code

Compilation

Common information for CMake

*BSD, Linux

• Alpine Linux
• CentOS 8.x
• Debian / Ubuntu and derivatives (CMake)
• Debian / Ubuntu and derivatives (autotools/qmake)
• Docker
• FreeBSD (no GUI)
• Fully static binaries on Linux (glibc or musl)
• Raspberry Pi OS / DietPi
• Raspbian for LeMaker Banana Pro

macOS

• cmake (x86_64, arm64, cross-compilation, static linkage)
• autotools/qmake

Windows

• MSVC 2019 (CMake, static linkage)
• MSVC 2019 (qmake, static linkage)
• MSYS2

Obsolete compilation guides

Go back to home