Bearer Token

A bearer token is a security credential used to authenticate API requests, passed in the HTTP Authorization header as Authorization: Bearer . Any request including a valid bearer token is granted the access associated with it.

Bearer tokens are commonly issued through OAuth 2.0 flows, where a client exchanges credentials for a short-lived access token. Unlike long-lived API keys, bearer tokens typically expire after minutes or hours and require periodic renewal through a refresh token.

Because bearer tokens grant access to whoever holds them, they must be transmitted over HTTPS and stored securely. Never log bearer tokens, store them in browser localStorage accessible to JavaScript, or include them in client-side source code.