Authorization: <type> <credentials> pattern was introduced by the W3C in HTTP 1.0, and has been reused in many places since. Many web servers support multiple methods of authorization. In those cases sending just the token isn’t sufficient.
Sites that use the
Authorization : Bearer cn389ncoiwuencr
format are most likely implementing OAuth 2.0 bearer tokens.The OAuth 2.0 Authorization Framework sets a number of other requirements to keep authorization secure, for instance requiring the use of HTTPS/TLS.
If you’re integrating with a service that is using OAuth 2.0 it is a good idea to get familiar with the framework so that the flow you’re using is implemented correctly, and avoiding unnecessary vulnerabilities. There are a number of good tutorials available online.
Long before bearer authorization, this header was used for Basic authentication. For interoperability, the use of these headers is governed by W3C norms, so even if you’re reading and writing the header, you should follow them. Bearer distinguishes the type of Authorization you’re using, so it’s important.
A Bearer Token is set in the Authorization header of every Inline Action HTTP Request and Bearer itself determines the type of authentication.