Common HTTP headers
Authorization header
Basic format, i.e. basic auth
Usage: Authorization: Basic XXX
...where XXX is the string username:password encoded as Base64.
The browser usually understands and stores this format on its own, so you do not need to implement sessions in the client.
However, features like sign out are much harder to implement, and the username and password are stored in effectively plain text (Base64 is an encoding, not encryption).
Bearer format, i.e. token authentication
Usage: Authorization: Bearer TOKEN
...where TOKEN is an authentication token issued by the backend.
Usually you get the token when you sign in.
To perform a request that requires authentication later, you pass the token back to the server. This way, you don't need to save the username and password locally.
The token is often a JWT. When working on the client side, you don't need to know much about its format.
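As an added example (not code from the original page), the two header formats above built and parsed in JavaScript, using Node's Buffer for Base64; the function names and the "alice"/"s3cret" sample credentials are my own. Parsing a Basic header back into username and password shows why it is only an encoding, not a secret.

```javascript
// Build a Basic credential: "username:password" encoded as Base64 (RFC 7617).
function basicAuthHeader(username, password) {
  if (username.includes(":")) {
    // The user-id must not contain a colon, or the server cannot split it.
    throw new Error("username must not contain ':'");
  }
  const credentials = Buffer.from(`${username}:${password}`, "utf8").toString("base64");
  return `Basic ${credentials}`;
}

// Build a Bearer header from a token obtained at sign-in.
function bearerAuthHeader(token) {
  return `Bearer ${token}`;
}

// Parse an Authorization header value into its scheme and credentials.
// Basic credentials are decoded; Bearer tokens are returned as-is.
function parseAuthorization(headerValue) {
  const match = /^\s*(\S+)\s+(\S+)\s*$/.exec(headerValue || "");
  if (!match) return null; // expected "<scheme> <value>"
  const [, scheme, value] = match;
  if (scheme.toLowerCase() === "basic") {
    const decoded = Buffer.from(value, "base64").toString("utf8");
    const sep = decoded.indexOf(":"); // split at the FIRST colon only
    if (sep < 0) return null; // malformed: no separator after decoding
    return { scheme: "Basic", username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
  }
  if (scheme.toLowerCase() === "bearer") {
    return { scheme: "Bearer", token: value };
  }
  return { scheme, value }; // some other scheme (Digest, Negotiate, ...)
}

// Constructed sample values for a stand-alone run.
const basic = basicAuthHeader("alice", "s3cret");
console.log(basic, parseAuthorization(basic));
console.log(parseAuthorization(bearerAuthHeader("eyJ.example.token")));
```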