Bearer Token
SecurityDefinition
A bearer token is an access token type where possession of the token is sufficient for authentication — "bearer" means whoever holds it can use it. Bearer tokens are used in OAuth 2.0 and are sent in the Authorization header: "Authorization: Bearer <token>". JWTs are commonly used as bearer tokens.
Related Tools
Frequently Asked Questions
Related Terms
JWT
JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs are self-contained tokens composed of three Base64URL-encoded parts: header, payload, and signature. Widely used for authentication and API authorization.
OAuth
OAuth 2.0 is an authorization framework that allows applications to obtain limited access to user accounts on HTTP services. OAuth enables "Login with Google/GitHub" flows where a third-party app is granted access to specific user data without receiving the user's password.
API Key
An API key is a unique identifier string passed in requests to authenticate an application or user accessing an API. API keys are simpler than OAuth but provide less security — they are long-lived, not scoped per-user, and must be kept secret.
SSL/TLS
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that provide encrypted communication over the internet. TLS is used in HTTPS, email (SMTP/IMAP), VPNs, and any application requiring secure data transmission. SSL is deprecated; TLS 1.3 is current.