2 min read
Definition
'Bearer' means possession is authorisation: anyone holding the token can use it. Credicorp access tokens are bearer tokens, sent as Authorization: Bearer <token>. Their short lifetime limits the window a leaked token is useful.
In plain terms
A token that works for whoever has it, like cash — so guard it.
Why it matters here
Never log or expose a bearer token; keep it server-side and re-mint on expiry. See the token lifecycle.
Related reading

Access token
An access token is the short-lived bearer JWT you send as Authorization: Bearer on partner calls. You mint it…
Read →
Client-credentials grant
The client-credentials grant is the OAuth 2.0 machine-to-machine flow: a server exchanges a client ID and…
Read →
Scope
A scope is a named capability on an OAuth token — like applications:write — that bounds what the token can…
Read →Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.