bearer token

Definition

A bearer token is an opaque string sent in an HTTP Authorization: Bearer header. Whoever holds the token can act as the user it identifies, so tokens must be transmitted over TLS and stored carefully. OAuth access tokens, GitHub personal access tokens, and most SaaS API keys are bearer tokens.

When to use

See also

• OAuth — Industry-standard delegation protocol — lets a user authorise an app to access their data without sharing a password.
• TLS — The protocol that encrypts HTTP and other connections — what the lock icon in browsers actually means.