
Why do we prefer the Authorization header to send a bearer token to the server over other techniques like URL encoding?

Why is the Authorization header mostly used to send a bearer token to the server? Why don't we send our authorization token as a URL parameter or post it as a JSON payload in the request body?

ivplay asked Dec 01 '16 05:12


1 Answer

Headers are perfect to hold this data; they are independent of request type.

You could send the Authorization token in the body, and even everything else like Content-Type, Content-Length and cache headers too, but different request types (POST, GET, ...) could have different request body formats. GET sends data using query parameters; POST/PUT send it in encoded form in the body (with Content-Type: application/x-www-form-urlencoded to make the server aware of the incoming data format), or with Content-Type: application/json and JSON in the body, XML and others. Things get more complicated with multipart requests (check this: https://stackoverflow.com/a/19712083/1017363).

So as you can see, an authorization token in the body or query makes things more complicated on the client and server side. The client should know how to "fit" the authorization token into every request, and the server should then know how to read this value.

PiKey answered Oct 23 '22 03:10
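
An added example illustrating the answer above (not part of the original post): the same constructed requests are handled by a payload-based extractor, which has to branch on method and Content-Type, and by a header-based one that uses a single parser. The `access_token` parameter name, the sample requests and the token value are assumptions made for this example.

```javascript
// Requests below are constructed samples; the token value is a placeholder.
const TOKEN = 'example-token-123';

// Header approach: one parser for every method and body format.
function tokenFromHeader(req) {
  const value = req.headers['authorization'] || '';
  // RFC 6750 form: "Bearer <token>"; the scheme name is case-insensitive.
  const m = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(value);
  return m ? m[1] : null;
}

// Body/query approach: the server must branch on method and Content-Type.
// The parameter name "access_token" is an assumption for this example.
function tokenFromPayload(req) {
  if (req.method === 'GET') {
    return new URL(req.url, 'http://localhost').searchParams.get('access_token');
  }
  const type = (req.headers['content-type'] || '').split(';')[0].trim().toLowerCase();
  if (type === 'application/x-www-form-urlencoded') {
    return new URLSearchParams(req.body).get('access_token');
  }
  if (type === 'application/json') {
    try {
      const t = JSON.parse(req.body).access_token;
      return typeof t === 'string' ? t : null;
    } catch (e) { return null; }
  }
  // multipart/form-data, XML, ... each need another parser; unsupported here.
  return null;
}

const samples = [
  { method: 'GET', url: `/items?access_token=${TOKEN}`, headers: {}, body: '' },
  { method: 'POST', url: '/items', headers: { 'content-type': 'application/x-www-form-urlencoded' }, body: `name=a&access_token=${TOKEN}` },
  { method: 'PUT', url: '/items/1', headers: { 'content-type': 'application/json' }, body: JSON.stringify({ name: 'a', access_token: TOKEN }) },
  { method: 'POST', url: '/upload', headers: { 'content-type': 'multipart/form-data; boundary=x' }, body: `--x\r\nContent-Disposition: form-data; name="access_token"\r\n\r\n${TOKEN}\r\n--x--\r\n` },
];

// Same requests with the token moved into the Authorization header.
const withHeader = samples.map((r) => ({ ...r, headers: { ...r.headers, authorization: `Bearer ${TOKEN}` } }));

// Returns the token each extractor recovers from every sample request.
function compare() {
  return { payload: samples.map(tokenFromPayload), header: withHeader.map(tokenFromHeader) };
}
console.log(compare());
```

The payload extractor returns `null` for the multipart request until yet another parser is added, while the header extractor handles all four unchanged. RFC 6750 also advises against the query-parameter form because URLs are commonly recorded in server logs and browser history.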