Bearer Auth

Use bearer(...) when clients send Authorization: Bearer ... tokens.

Basic usage

app.use(
  bearer({
    secret: process.env.API_SECRET,
  })
);

Defaults

header: authorization
scheme: Bearer
context key: token

It also mirrors the token on ctx.authToken for compatibility.

Custom scheme example

app.use(
  bearer({
    scheme: "Token",
    secret: process.env.API_SECRET,
  })
);

When to prefer custom middleware

If validation needs external lookup, tenant resolution, or plan metadata, custom middleware or a plugin factory usually gives better long-term DX than stretching the bearer helper.

API Key Auth

Rate Limits, Caching, and Request State

⌘I

Basic usage
Defaults
Custom scheme example
When to prefer custom middleware

Introduction

Getting Started

Core Concepts

Plugins

Authentication & Control Flow

Examples

Deploy to Production

Reference

Basic usage

Defaults

Custom scheme example

When to prefer custom middleware

Introduction

Getting Started

Core Concepts

Plugins

Authentication & Control Flow

Examples

Deploy to Production

Reference

​Basic usage

​Defaults

​Custom scheme example

​When to prefer custom middleware

Basic usage

Defaults

Custom scheme example

When to prefer custom middleware