
Why are we getting a bearer token?

🟢 Easy · Conceptual · Junior level
Times asked: 1
Last seen: Jun 2026
First seen: Jun 2026

💡 Model Answer

A bearer token is a type of access token that grants the holder (the "bearer") permission to access protected resources. It is called "bearer" because possession of the token is sufficient to authenticate the request; no additional proof of identity is required. This simplicity makes bearer tokens ideal for stateless authentication in RESTful APIs.

When a client obtains a bearer token (often via OAuth 2.0), it includes the token in the HTTP Authorization header:

Authorization: Bearer <token>

The server then validates the token, checking its signature, expiration, and scopes, before allowing access.

Using bearer tokens reduces server load by eliminating session state, scales well across distributed systems, and aligns with modern API security practices. However, because the token is essentially a password, it must be transmitted over HTTPS and stored securely to prevent theft.

This answer was generated by AI for study purposes. Use it as a starting point — personalize it with your own experience.
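
As an added example (not part of the original answer), here is the server-side check the answer describes: parse the Authorization header, then verify signature, expiration, and scope. It assumes the token is a JWT signed with HS256; the key, claims, scope names, and the helper names issue and authorize are constructed for the demo.

```python
import base64, hashlib, hmac, json, time

KEY = b"demo-key-constructed-for-this-example"  # assumption: shared HS256 secret

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _sign(head, body, key):
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return _b64e(mac)

def issue(claims, key=KEY):
    """Build a constructed HS256 token so the example runs offline."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head, body, key)}"

def authorize(header, required_scope, key=KEY, now=None):
    """Return (http_status, detail) for an Authorization header value."""
    now = time.time() if now is None else now
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return 401, "missing bearer token"
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token choose how it is verified.
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return 401, "unexpected alg"
        # Constant-time comparison of the recomputed signature.
        if not hmac.compare_digest(_sign(head, body, key), sig):
            return 401, "bad signature"
        claims = json.loads(_b64d(body))
        exp, scopes = claims.get("exp"), str(claims.get("scope", "")).split()
    except (ValueError, TypeError, AttributeError):
        return 401, "malformed token"
    if not isinstance(exp, (int, float)) or exp <= now:
        return 401, "expired"
    if required_scope not in scopes:
        return 403, "insufficient scope"
    return 200, claims.get("sub")
```

Claims are read only after the signature check passes, so a token signed with a different key is rejected before its expiry or scope is ever considered.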
