interview

home / developersection / interviews / what is a bearer token and how is it used in the authorization header?

Ask Question
ICSM Computer

IT-Hardware & Networking

Ravi Vishwakarma is a dedicated Software Developer with a passion for crafting efficient and innovative solutions. With a keen eye for detail and years of experience, he excels in developing robust software systems that meet client needs. His expertise spans across multiple programming languages and technologies, making him a valuable asset in any software development project.

Follow
Can you answer this question?
Answer

1 Answers

ICSM Computer

ICSM Computer

11-Jun-2025

What is a Bearer Token?

A Bearer token is a type of access token used in token-based authentication, typically JWT (JSON Web Token), which proves the identity of the client to a server. The term “bearer” means that whoever possesses the token is granted access — no additional proof is needed.

Format in HTTP Request

Bearer tokens are sent in the Authorization header like this:

Authorization: Bearer <your-token-here>

Example:

GET /api/user/profile HTTP/1.1
Host: api.example.com
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6...

Why It's Called "Bearer"

It means "whoever bears (holds) the token gets access" — just like cash: anyone holding it can spend it.

So:

  • Protect the token like a password
  • Never expose it in URLs or public places

Typical Flow of Bearer Token Usage

  • Client sends credentials to /api/auth/login:
{
  "email": "user@example.com",
  "password": "mypassword"
}
  • Server responds with token:
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
  • Client stores the token (e.g., in memory, localStorage, or sessionStorage)
  • Client includes the token in Authorization header for all future requests:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
  • Server validates the token and processes the request if valid.

Server-side Token Validation (ASP.NET)

In .NET Core:

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = "yourapp.com",
            ValidAudience = "yourapp.com",
            IssuerSigningKey = new SymmetricSecurityKey(
                Encoding.UTF8.GetBytes("your-secret-key"))
        };
    });

In .NET Framework:

Use middleware like Microsoft.Owin.Security.Jwt

Best Practices

Practice Reason
Use HTTPS only Prevent token sniffing
Set short expiration times Limit impact if token is leaked
Use refresh tokens if needed Maintain security with longer sessions
Never store tokens in URLs Can be leaked via logs or referrers

Summary

Term Meaning
Bearer token A token that grants access when "borne" (held)
Authorization header Where the token is sent in HTTP requests
Usage Authenticates API requests
MindStick Training
MindStick Training

Liked By

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy