Overview
In some cases, you may feel more comfortable using a Bearer Token for authorization. Sending an access token as a Bearer Token is useful when you want to conceal the access token in a request header instead of sending it in the body or request. Sending a bearer token is simple, and if you are familiar with basic authorization, bearer tokens will make a lot of sense. To send a bearer token for authorization against a protected resource, send only one Authorization header in the following format:
Authorization: Bearer pwwbkvv7abqzonnvztpea91ich7vprwdorbt4w4m
When you send a bearer token, you cannot send any other authorization header. The OAuth2 specification states that only one authorization header can be used. If more than one authorization header is presented at the same time, a 400 Bad Request should be returned.
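The single-header rule above, seen from the receiving side, as an added example (not code from this page or its project). The function name `checkBearer`, the flat `[name, value, ...]` header array (the shape of Node's `req.rawHeaders`) and the 401 for missing credentials (RFC 6750) are assumptions of this sketch.

```javascript
'use strict';

// Token syntax from RFC 6750 (b64token): unreserved characters, then optional '=' padding.
const B64TOKEN = /^[A-Za-z0-9\-._~+\/]+=*$/;

// rawHeaders: flat array [name, value, name, value, ...] exactly as received,
// so that a duplicated Authorization header is still visible to the check.
function checkBearer(rawHeaders) {
  const values = [];
  for (let i = 0; i + 1 < rawHeaders.length; i += 2) {
    // Header names are case-insensitive.
    if (rawHeaders[i].toLowerCase() === 'authorization') {
      values.push(rawHeaders[i + 1]);
    }
  }

  // More than one Authorization header: reject with 400 Bad Request.
  if (values.length > 1) {
    return { ok: false, status: 400, error: 'invalid_request' };
  }
  // No credentials at all: 401 so the client knows it must authenticate.
  if (values.length === 0) {
    return { ok: false, status: 401, error: null };
  }

  // Split "<scheme> <credentials>"; scheme names are case-insensitive (RFC 7235).
  const m = /^(\S+) +(.+)$/.exec(values[0].trim());
  if (!m || m[1].toLowerCase() !== 'bearer') {
    return { ok: false, status: 401, error: null };
  }
  // Bearer scheme present but the token has illegal characters: malformed request.
  if (!B64TOKEN.test(m[2])) {
    return { ok: false, status: 400, error: 'invalid_request' };
  }
  // Syntax is fine; the token must still be looked up and checked for expiry and scope.
  return { ok: true, token: m[2] };
}

// Constructed sample requests, reusing the example token shown on this page.
const sampleToken = 'pwwbkvv7abqzonnvztpea91ich7vprwdorbt4w4m';
const single = ['Host', 'example.test', 'Authorization', 'Bearer ' + sampleToken];
const doubled = single.concat(['authorization', 'Basic dXNlcjpwYXNz']);

console.log(checkBearer(single).ok);      // accepted for token lookup
console.log(checkBearer(doubled).status); // rejected as a bad request
```

The returned token is only syntactically valid; log the decision, not the token value.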
PHP Curl Example
    $curl = curl_init();

    curl_setopt_array($curl, array(
        // Protected resource. Use an https:// URL outside local development
        // so the bearer token is not sent in cleartext.
        CURLOPT_URL => "http://wordpress.dev/wp-json/wp/v2/posts/1178/revisions/",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => "",
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 30,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => "GET",
        // Exactly one Authorization header, carrying the access token.
        CURLOPT_HTTPHEADER => array(
            "authorization: Bearer pwwbkvv7abqzonnvztpea91ich7vprwdorbt4w4m",
            "cache-control: no-cache"
        ),
    ));

    $response = curl_exec($curl);
    $err = curl_error($curl);

    curl_close($curl);

    if ($err) {
        echo "cURL Error #:" . $err;
    } else {
        echo $response;
    }
jQuery AJAX Example
    var access_token = 'pwwbkvv7abqzonnvztpea91ich7vprwdorbt4w4m';

    jQuery.ajax( {
        url: 'https://{your-server-url}/me/',
        type: 'POST',
        data: { content: 'testing testing' },
        beforeSend: function( xhr ) {
            // Send the token in a single Authorization header, in the format shown above.
            xhr.setRequestHeader( 'Authorization', 'Bearer ' + access_token );
        },
        success: function( response ) {
            // response
        }
    } );