Bearer token
Definition
A bearer token is an API access token that grants whoever holds ("bears") it the right to access protected resources without any further proof of identity: possession alone is sufficient, like cash. It is transmitted in the HTTP header Authorization: Bearer <token>.

In OAuth 2.0: bearer tokens are the standard access-token format; they are typically short-lived and carry scopes that bound what the holder may do.

Certyneo's REST API uses bearer tokens to authenticate programmatic calls: creation of envelopes, status queries, webhook configuration and downloading of signed documents.

Security implications: because the token is the credential, it must travel only over TLS, never be exposed client-side or logged, and be rotated regularly; a leaked bearer token is as dangerous as a leaked password until it expires or is revoked.

Good practice: scope each token to the minimum required permissions, set a short expiry, and prefer per-integration tokens so one can be revoked without affecting the others.
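The two handling rules above (TLS only, never logged) can be enforced in client code. The following is an added example, not Certyneo's code: the function and class names, the api.example.test URL and the sample token are assumptions constructed for illustration.

```python
import logging
import re
from urllib.parse import urlsplit

# Matches the credential that follows the "Bearer" scheme (RFC 6750 token68 characters).
BEARER_RE = re.compile(r"(?i)\b(bearer)\s+[A-Za-z0-9\-._~+/]+=*")


def redact_bearer(text: str) -> str:
    """Replace any bearer credential in text with a fixed marker."""
    return BEARER_RE.sub(r"\1 [REDACTED]", text)


class BearerRedactingFilter(logging.Filter):
    """Logging filter that scrubs bearer tokens before a record is emitted."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Render the message with its args first, then redact the final string,
        # so tokens passed as format arguments are caught as well.
        record.msg = redact_bearer(record.getMessage())
        record.args = None
        return True


def auth_headers(url: str, token: str) -> dict:
    """Build the Authorization header, refusing any non-TLS destination."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    return {"Authorization": f"Bearer {token}"}


if __name__ == "__main__":
    token = "constructed-sample-token.abc123"  # constructed value, not a real token
    log = logging.getLogger("integration")
    handler = logging.StreamHandler()
    handler.addFilter(BearerRedactingFilter())
    log.addHandler(handler)
    log.setLevel(logging.INFO)

    # Hypothetical endpoint used only to exercise the scheme check.
    headers = auth_headers("https://api.example.test/v1/envelopes", token)
    log.info("sending request headers=%s", headers)  # token is redacted on output
    try:
        auth_headers("http://api.example.test/v1/envelopes", token)
    except ValueError as exc:
        log.info("blocked: %s", exc)
```

The filter is attached to the handler so that records from every logger routed through it are scrubbed; it over-redacts any word following "Bearer", which is the safer failure direction.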