Basic HTTP and Bearer Token Authentication

Question

I am currently developing a REST-API which is HTTP-Basic protected for the development environment. As the real authentication is done via a token, I\'m still trying to figu

Answer 1

Standard (https://tools.ietf.org/html/rfc6750) says you can use:

• Form-Encoded Body Parameter: Authorization: Bearer mytoken123
• URI Query Parameter: access_token=mytoken123

So it's possible to pass many Bearer Token with URI, but doing this is discouraged (see section 5 in the standard).