Sending an access token

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation.

As an app developer, you need to include an access token in any request to Apigee Edge for a protected resource (an API that is protected with a VerifyAccessToken policy). Note that access tokens are also called "bearer tokens."

Sending an access token in a request

When you put a VerifyAccessToken policy at the front of your API proxy flow, apps must present a verifiable access token (also called a "bearer token") to consume your API. To do this, the app sends the access token in the request as an "Authorization" HTTP header.

For example:

$ curl -H "Authorization: Bearer ylSkZIjbdWybfs4fUQe9BqP0LH5Z" http://{org_name}

Apigee Edge will verify that the access token presented is valid, and then grant access to the API, returning the response to the app that made the request.

Related information

For information on obtaining an access token, see "Requesting tokens and auth codes".

For information on verifying access tokens, see "Verifying access tokens".