Bearer token
Definition
A bearer token is an API access token that grants whoever holds ("bears") it the right to access protected resources without any further proof of identity: possession alone is sufficient, like cash. It is transmitted in the HTTP header Authorization: Bearer <token>.

In OAuth 2.0, bearer tokens are the standard access-token format; they are typically short-lived and carry scopes that bound what the holder may do. Certyneo's REST API uses bearer tokens to authenticate programmatic calls: creation of envelopes, status queries, webhook configuration and downloading of signed documents.

Security implications: because the token is the credential, it must travel only over TLS, never be exposed client-side or logged, and be rotated regularly; a leaked bearer token is as dangerous as a leaked password until it expires or is revoked.

Good practice: scope each token to the minimum required permissions, set a short expiry, and prefer per-integration tokens so one can be revoked without affecting the others.
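
Two of the security implications above (TLS only, never logged), enforced on the client side. This is an added Python example, not Certyneo's own code; the host api.example.test, the sample token and all function names are assumptions made for illustration.

```python
import io
import logging
import re
from urllib.parse import urlsplit

# Matches "Bearer <token>" wherever it ends up in a log message. It deliberately
# over-redacts: any token-like word following "bearer" is scrubbed.
_BEARER_RE = re.compile(r"(?i)\b(bearer)\s+[A-Za-z0-9\-._~+/]+=*")


def redact_bearer(text: str) -> str:
    """Replace the credential after 'Bearer' with a fixed marker."""
    return _BEARER_RE.sub(r"\1 [REDACTED]", text)


class BearerRedactingFilter(logging.Filter):
    """Logging filter that scrubs bearer tokens from every record it sees."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_bearer(record.getMessage())
        record.args = None  # the message is already fully formatted
        return True


def auth_headers(url: str, token: str) -> dict:
    """Build the Authorization header, refusing non-TLS destinations."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("refusing to send a bearer token without TLS")
    if not token or any(c.isspace() for c in token):
        raise ValueError("malformed bearer token")
    return {"Authorization": f"Bearer {token}"}


def demo() -> str:
    """Log request headers through the filter and return what was written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(BearerRedactingFilter())
    log = logging.getLogger("bearer_demo")
    log.handlers[:] = [handler]
    log.propagate = False
    log.setLevel(logging.INFO)
    # Constructed sample token and hypothetical host, not real values.
    headers = auth_headers("https://api.example.test/envelopes", "sAmPle.t0ken-123")
    log.info("sending request headers=%s", headers)
    return stream.getvalue()
```

The filter is attached to the handler so that every record written through it is scrubbed, including records from libraries that log request headers on their own.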