Bearer token authentication in Rest API - Time & Space Complexity

We want to understand how the time taken to check a bearer token changes as more requests come in or as token data grows.

How does the system handle more tokens or requests efficiently?

Analyze the time complexity of the following code snippet.

// Example of bearer token authentication check
function authenticateRequest(request) {
  const authHeader = request.headers['authorization'];
  if (!authHeader) return false;
  const token = authHeader.split(' ')[1];
  return verifyToken(token); // checks token validity
}

This code extracts the bearer token from the request header and verifies it.

Identify the loops, recursion, array traversals that repeat.

• Primary operation: The token verification process, which may involve checking the token against stored data or decoding it.
• How many times: This happens once per request, but the verification itself may involve multiple steps depending on implementation.

As the number of requests grows, the system verifies each token once.

Input Size (n requests)	Approx. Operations
10	10 token verifications
100	100 token verifications
1000	1000 token verifications

Pattern observation: The work grows directly with the number of requests, one verification per request.

Time Complexity: O(n)

This means the time to authenticate grows linearly with the number of requests.

[X] Wrong: "Verifying a token takes constant time no matter what, so it doesn't affect performance."

[OK] Correct: Token verification can involve decoding or database lookups, which take time that adds up with many requests.

Understanding how authentication scales helps you design APIs that stay fast and secure as more users connect.

"What if token verification used a cache to speed up repeated checks? How would the time complexity change?"