Apidog

All-in-one Collaborative API Development Platform

API Design

API Documentation

API Debugging

API Mock

API Automated Testing

Sign up for free

How to Add and Pass Bearer Token in Header

Start for free
Contents
Home / Applied skills / How to Add and Pass Bearer Token in Header

How to Add and Pass Bearer Token in Header

When calling an API that uses bearer token auth, you need to properly format and send the header to pass the token to the API. Here are the steps to set the Authorization header with a bearer token in Apidog.

Bearer tokens are commonly used for authentication when calling APIs. The token represents the user's identity and is sent in the HTTP Authorization header on API requests.

When calling an API that uses bearer token auth, you need to properly format and send the header to pass the token to the API. Here are the steps to set the Authorization header with a bearer token in Apidog:

button


What is the Bearer Token in the Header?

A Bearer Token is a type of access token that is included in the authorization header of an HTTP request. It is a security token that is commonly used in authentication protocols, such as OAuth 2.0. The bearer token is a string that represents the authorization granted to the client and is included in the request header using the "Authorization" field.

The format of the Authorization header with a Bearer Token typically looks like this:

makefileCopy codeAuthorization: Bearer <token>

Here, <token> is replaced with the actual bearer token that the client received during the authentication process. The server uses this token to verify the identity of the client and grant access to the requested resource or perform the requested action.

Bearer Tokens are often used to access protected resources on behalf of a user after the user has granted permission. They are widely used in APIs (Application Programming Interfaces) to secure access to resources and ensure that only authorized clients can make requests. It's important to handle bearer tokens securely, as they represent a form of sensitive information and should not be disclosed to unauthorized parties.

How to Add and Pass Bearer Token in Header

Step 1. Obtain the Bearer Token

First, you need to obtain a valid bearer token to use in the header. This is usually generated when the user logs in or registers with your app. The token encodes information like the user ID, permissions, and expiration time. Here is a guide on how to create a bearer token.

Store the token securely in your app - usually in local storage or a cookie. Don't include sensitive user data in the token payload.

Step 2. Make an HTTP Request with a Bearer Token

In Apidog, make an HTTP GET or POST request by clicking the "+" button.

Add new request

Then input the URL and select the " Bearer Token" from the auth type dropdown list. Fill your bearer token here.

Bearer Token

Step 3. Add the Header to the Request

Add an Authorization header with your bearer token to authenticate the request. The header should follow the format:

Authorization: Bearer <token>

For example:

Add the Header to the Request

Where {token} is replaced with your actual bearer token string. This allows the server to validate the provided token and authorize the GET or POST request. Bearer tokens should only be transmitted over HTTPS for security.

Other Ways to do this:

  • JavaScript Fetch:
fetch('/api/users', {
  headers: {
    'Authorization': 'Bearer ' + token 
  }
});
  • cURL
curl -H "Authorization: Bearer <token>" https://api.example.com
  • Java
request.addHeader("Authorization", "Bearer " + token);

Step 4.  Send the Header Request and Response returned

Clicking the " Send" button to The token will be validated by API server. The server will decode the header, extract the token, validate it, and authenticate the request if the token is valid and active.

Response returned

If authorized, the server will return the requested resource in the response. The client can now interact with protected resources using the authenticated request.

Conclusion

Properly formatting and sending bearer tokens in the Authorization header provides a secure and standardized way to implement authentication when consuming APIs and web services. Bearer tokens encapsulate user identity without exposing sensitive credentials on each request.

Following the steps outlined of obtaining tokens, constructing the header value, attaching it to requests, and validating on the server will enable frictionless API authorization in your applications. Make sure to properly manage and rotate tokens to keep user data safe.

Implementing token-based authentication using the Authorization bearer scheme improves security, separates client and server concerns, and makes it easy to integrate APIs and microservices in your architecture. With a solid understanding of how bearer tokens and headers work together, you can build scalable and secure systems.

button