Passing a JWT into Headless APIs

Learn how to pass a JWT to a web API as a bearer token.

Because web API applications are headless, they cannot initiate the OIDC authentication flow; a client application does this. However, we still need to make sure that only authorized requests can access our web API endpoints. To do so, we will need to use a bearer token.

A bearer token is a type of access token that is used to authorize and authenticate HTTP requests in token-based security protocols like OAuth 2.0. It's called a "bearer" token because whoever possesses or bears the token is granted access to certain resources or functionalities.

Get hands-on with 1400+ tech skills courses.