How the Operations1 REST API handles authentication

Bearer token-based authentication is the method used to access secured resources in our API. The client obtains a secret string, the "bearer token", and presents it with every API request to prove that the caller is authorized. As the name implies, whoever bears the token is treated as its owner, which is why the token itself must be protected.

Here's how it works for the Operations1 REST API:

  • Obtaining a Bearer Token: API consumers need a bearer token to access protected resources. The token is issued to a technical API user within your Operations1 platform. See the chapter on creating the technical API user and the chapter on obtaining the token.

  • Sending the Token: Once in possession of the bearer token, include it with every request in the "Authorization" HTTP header, using the standard form `Authorization: Bearer <token>` (RFC 6750). Presenting the token is like presenting a key to access a secured area.

  • Authentication: The API server processes the incoming request and validates the bearer token it carries. If the token is valid and matches the server's expectations, access to the protected resource is granted. If the token is missing, malformed, invalid or no longer authorized, the request is rejected (bearer-token APIs conventionally answer with HTTP 401 Unauthorized, as RFC 6750 describes).

  • Access Control: Bearer tokens can have various permissions associated with them, such as read-only or full control access. The API server determines the level of access granted based on the permissions associated with the token, which are the permissions of the technical API user the token was issued to. Grant that user only the permissions your integration actually needs, so that a leaked token cannot do more than the integration itself could.

  • Token Security: API consumers must safeguard their bearer tokens as if they were physical keys. Anyone who obtains the token can use it with the full permissions of the technical API user, so keep it secret: store it in a secrets manager or environment variable rather than in source code or configuration checked into version control, never write it to logs or error messages, send it only over HTTPS, and replace it if you suspect it has been exposed.
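Putting the steps above together, here is an added example that is not part of the Operations1 documentation or of any Operations1 client library. It is a small Python client that reads the token from the environment, builds the `Authorization: Bearer` header, sends a GET request and turns a 401/403 rejection into an exception that does not echo the token. The `parse_bearer` and `check_token` functions show the checks a resource server performs on the header; they illustrate the generic bearer scheme from RFC 6750 and are not a description of the Operations1 server. The environment variable names, the base URL and the resource path are assumptions made for the example.

```python
"""Bearer-token access to a REST API: load the token, send it, handle rejection."""
import hmac
import json
import os
import re
import urllib.error
import urllib.request

# Token syntax from RFC 6750 (b64token): 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
_B64TOKEN = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")


def load_token(env_var="OPERATIONS1_API_TOKEN", environ=None):
    """Read the token from the environment instead of hard-coding it in source.
    The variable name is an assumption for this example. A missing token fails
    loudly here rather than silently sending unauthenticated requests."""
    environ = os.environ if environ is None else environ
    token = environ.get(env_var)
    if not token:
        raise RuntimeError(f"{env_var} is not set; obtain a token for the technical API user first")
    return token


def build_request(base_url, path, token):
    """Return a urllib Request carrying the token in the Authorization header."""
    if not _B64TOKEN.match(token):
        raise ValueError("token contains characters not allowed in a bearer token")
    req = urllib.request.Request(base_url.rstrip("/") + "/" + path.lstrip("/"))
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/json")
    return req


def api_get(base_url, path, token):
    """GET a protected resource; return (status, decoded JSON body).
    401/403 become PermissionError. The token is deliberately kept out of the
    error text so that it never reaches logs or tracebacks."""
    req = build_request(base_url, path, token)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as exc:
        if exc.code in (401, 403):
            challenge = exc.headers.get("WWW-Authenticate", "")
            raise PermissionError(f"request rejected with HTTP {exc.code} {challenge}".strip()) from None
        raise


def parse_bearer(authorization_header):
    """Server-side view: extract the token from an Authorization header value.
    Returns None unless the value is a well-formed Bearer credential
    (scheme name is case-insensitive per RFC 7235; token must match b64token)."""
    if not authorization_header:
        return None
    parts = authorization_header.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer" or not _B64TOKEN.match(parts[1]):
        return None
    return parts[1]


def check_token(presented, expected):
    """Server-side view: compare tokens in constant time so that response timing
    does not leak how many leading characters of a guess were correct."""
    return hmac.compare_digest(presented.encode(), expected.encode())


if __name__ == "__main__":
    # Offline demonstration of the server-side checks on constructed headers.
    good = "Bearer abc.DEF_123"
    print(parse_bearer(good), parse_bearer("Basic abc.DEF_123"), parse_bearer("Bearer a b"))
    print(check_token("abc.DEF_123", "abc.DEF_123"), check_token("abc.DEF_123", "abc.DEF_124"))
    # Live call only when the assumed environment variables are set.
    base = os.environ.get("OPERATIONS1_BASE_URL")
    path = os.environ.get("OPERATIONS1_API_PATH")
    if base and path:
        print(api_get(base, path, load_token()))
```

`api_get` raises on 401/403 instead of returning the status so that a revoked or mistyped token cannot be mistaken for an empty result set by calling code; other HTTP errors propagate unchanged.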

In summary, bearer token-based authentication is the method API consumers use to prove, on every request, that they act on behalf of an authorized technical API user. It is simple to implement and widely used for securing API interactions, with the one essential condition that the token is treated as a secret.