This guide tells you all about Authorization Bearer tokens and how they can be used to make an HTTP request secure.

This guide is a general approach to Bearer tokens, however, we will include extra information on how they are used to add extra security to export URLs made with CSV Getter.

When you use a URL, you are making an HTTP request. Some URLs are open, and will give a 200 response to indicate the request has been successful. When an HTTP request requires authorisation, the URL is essentially asking for a password so that it can return data. Failing to provide this 'password' and the user can expect a 401 error code which means unauthorized or access denied.

There are different types of ways to provide the 'password' depending on how the URL server works. JWT tokens and API keys are some examples - learn more about them here. This article focuses on how Bearer tokens are used to Authenticate HTTP requests.

A bearer token can be included in a request by adding an Authorization request header with the prefix "Bearer ". A request header is essentially a way of adding a little bit of extra information when accessing a URL so the server understands how to process a request. (More information here).

It is easy to experiment with request headers using an app like Postman. Postman acts a bit like an internet browser, and is good for accessing URLs which do not necessarily return HTML web pages, and require certain request headers.

Below is an example of making an authorized http request using the Bearer token abc123 in Postman. Notice how the Bearer token is set to the request header with the key Authorization.

With the correct bearer token, the URL will give a 200 response and the expected data.

With an incorrect or missing token, the URL will give a 401 response and an error message.

Here is another example of making the same request but using a programming language like Python.

import requests

url = "https://api.csvgetter.com/example"

payload = {}
headers = {
  'Authorization': 'Bearer abc123'
}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)

Authorization headers can also be passed into No-code tools like Make or Zapier. Below shows how to use the Bearer token in Make's HTTP module. Be sure you select the correct HTTP module. The Make a request module allows you to flexibly add http headers and set a bearer token like in the below example.

If you are a user of CSV Getter, you may want to add this extra layer of security to your Export URL by adding the bearer token requirement. You can do this using the "Edit URL" Screen, like in the below example.

With this setting in place, users of the export URL will need to provide a bearer token in order to access the data. Please note, Auth headers are only a feature with the CSV Getter Pro plan.