API: Provide an access token

The authentication process provides you with an access token. Most API calls need such an access token, so that they know the identity of the caller.

You send the access token in the “Authorization” request header field, as described in RFC 6750, section 2.1. You need to use the “Bearer” authentication scheme to transmit the access token.

For example (in plain text HTTP):

GET /z HTTP/1.0
Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJfdGsiOjEsImV4cCI6MTYwMTczMTI3NSwiaWF0IjoxNjAxNzMwNjc1LCJzdWIiOiJhYmMiLCJ6aWQiOiIyMDIwMTAwMzE1MDEwMCJ9.ekhXkvn146P2bMKFQcU-bNlvgbeO6sS39hs6U5EKfjIqnSInkuHYjYAIfUqf_clYRfr6YBlX5izii8XfxV8jhg

Note, that there is exactly one space character (“”, U+0020) between the string “Bearer” and the access token: Authorization:␣Bearer␣eyJhbGciOiJIUzUxMiJ9.ey....

If you use the curl tool, you can use the -H command line parameter to set this header field.