
WIKICROOK

Bearer token

A credential that grants access to a system to whoever presents it, until it is revoked or expires.

A bearer token is an access credential that works on presentation alone: whoever holds and submits the token is treated as authorized until the token expires or is revoked. Unlike a password that may be paired with a user interaction, a bearer token is a ready-made proof of access for APIs, web apps, cloud services, and automation jobs.

In cyber security, bearer tokens matter because stealing one can be enough to bypass normal login controls and reach whatever permissions the token already has. Attackers often target tokens in browser sessions, CI/CD pipelines, logs, or exposed files, then reuse them to read data, change settings, or download source code. Defenders limit this risk with short lifetimes, narrow scopes, secret scanning, strong revocation processes, and token inventories so a compromised credential can be cut off quickly.
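The secret-scanning and token-inventory controls mentioned above can be illustrated with a small log scrubber. This is an added example written for this entry, not code from Netcrook or any product. It redacts `Authorization: Bearer` values, keeps a short SHA-256 fingerprint for matching against an inventory, and reads the `exp` and `scope` claims of JWT-shaped tokens without verifying the signature. The function names, the 20-character minimum and the sample tokens are assumptions constructed for the example.

```python
import base64, hashlib, json, re

# "Bearer <token>" as seen in Authorization headers; 20+ chars avoids matching prose.
BEARER_RE = re.compile(r"\bBearer\s+([A-Za-z0-9\-._~+/]{20,}=*)", re.IGNORECASE)

def jwt_claims(token):
    """Decode the payload of a JWT-shaped token (no signature check), else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return claims if isinstance(claims, dict) else None

def scan_line(line, now):
    """Redact bearer tokens in one log line; return (redacted_line, findings)."""
    findings = []

    def redact(match):
        token = match.group(1)
        fp = hashlib.sha256(token.encode()).hexdigest()[:12]
        claims = jwt_claims(token) or {}
        exp = claims.get("exp")
        findings.append({
            "fingerprint": fp,  # lets an inventory find the token without storing it
            "scope": claims.get("scope"),
            # Opaque tokens and tokens without a numeric exp are treated as still live.
            "live": not isinstance(exp, (int, float)) or exp > now,
        })
        return f"Bearer [REDACTED sha256:{fp}]"

    return BEARER_RE.sub(redact, line), findings

def sample_jwt(claims):
    """Constructed, unsigned sample token; the third segment is a dummy string."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed-signature"

if __name__ == "__main__":
    NOW = 1_800_000_000  # constructed "current time" (Unix seconds)
    tok = sample_jwt({"sub": "ci-job", "scope": "repo:read", "exp": NOW + 600})
    for log in (f"GET /v1/repos Authorization: Bearer {tok}",
                "docs: a bearer token works on presentation alone"):
        print(scan_line(log, NOW))
```

A finding marked `live` is the case that needs revocation first; an expired token in a log still shows where credentials are leaking.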
