
Bearer token authentication in REST API - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is a Bearer token in authentication?
A Bearer token is a secret string that a client sends to a server to prove its identity. It works like a digital key that grants access to protected resources.
beginner
How is a Bearer token typically sent in an HTTP request?
It is sent in the HTTP header named Authorization with the word Bearer followed by the token, like this: Authorization: Bearer <token>.
beginner
Why should Bearer tokens be kept secret?
Because anyone who has the Bearer token can access the protected resources as if they were the authorized user. It is like having a key to someone's house.
intermediate
What happens if a Bearer token is expired or invalid?
The server will reject the request, usually responding with a 401 Unauthorized status, meaning the client must get a new token or re-authenticate.
intermediate
Can Bearer tokens be used over HTTP instead of HTTPS? Why or why not?
Bearer tokens should only be used over HTTPS because HTTP is not secure. If sent over HTTP, the token can be intercepted by attackers and misused.
Where is the Bearer token placed in an HTTP request?
A. In the request body
B. In the URL query parameters
C. In a cookie
D. In the Authorization header
What does the server respond with if the Bearer token is missing or invalid?
A. 401 Unauthorized
B. 200 OK
C. 404 Not Found
D. 500 Internal Server Error
Why must Bearer tokens be kept secret?
A. Because they contain the user's password
B. Because they expire quickly
C. Because they allow access to protected resources
D. Because they are stored in cookies
Which protocol should be used to securely send Bearer tokens?
A. HTTPS
B. FTP
C. HTTP
D. SMTP
What keyword precedes the token in the Authorization header?
A. Token
B. Bearer
C. Basic
D. Digest
Explain how Bearer token authentication works in a REST API.
Think about the token as a key sent with each request.
Describe why it is important to use HTTPS when using Bearer tokens.
Consider what happens if data is sent over an insecure connection.