Docs

Bearer Token Authentication

The Bearer plugin enables authentication using Bearer tokens as an alternative to browser cookies. It intercepts requests, adding the Bearer token to the Authorization header before forwarding them to your API.

Installing the Bearer Plugin

Add the Bearer plugin to your authentication setup:

auth.ts
import { betterAuth } from "better-auth";
import { bearer } from "better-auth/plugins";
 
export const auth = betterAuth({
    plugins: [bearer()]
});

How to Use Bearer Tokens

1. Obtain the Bearer Token

After a successful sign-in, you'll receive a session object containing the session object. The id is the token you need to send in the Authorization header for all subsequent requests.

client.ts
const { data } = await authClient.signIn.email({
    email: "user@example.com",
    password: "securepassword"
});
 
const token = data.session.id;
// Store the token securely (e.g., in localStorage)
localStorage.setItem("bearer_token", token);

2. Configure the Auth Client

Set up your auth client to include the Bearer token in all requests:

auth-client.ts
const token = localStorage.getItem("bearer_token");
 
export const authClient = createAuthClient({
    fetchOptions: {
        headers: {
            Authorization: `Bearer ${token}`
        }
    }
});

3. Make Authenticated Requests

Now you can make authenticated API calls:

client.ts
// This request is automatically authenticated
const { data } = await authClient.user.listSessions();

4. Per-Request Token (Optional)

You can also provide the token for individual requests:

client.ts
const { data } = await authClient.user.listSessions({
    fetchOptions: {
        headers: {
            Authorization: `Bearer ${token}`
        }
    }
});

5. Using Bearer Tokens Outside the Auth Client

The Bearer token can be used to authenticate any request to your API, even when not using the auth client:

api-call.ts
const token = localStorage.getItem("bearer_token");
 
const response = await fetch("https://api.example.com/data", {
  headers: {
    Authorization: `Bearer ${token}`
  }
});
 
const data = await response.json();

And in the server, you can use the auth.api.getSession function to authenticate requests:

server.ts
import { auth } from "@/auth";
 
export async function handler(req, res) {
  const session = await auth.api.getSession({
    headers: req.headers
  });
  
  if (!session) {
    return res.status(401).json({ error: "Unauthorized" });
  }
  
  // Process authenticated request
  // ...
}

On this page

Installing the Bearer Plugin
How to Use Bearer Tokens
1. Obtain the Bearer Token
2. Configure the Auth Client
3. Make Authenticated Requests
4. Per-Request Token (Optional)
5. Using Bearer Tokens Outside the Auth Client
Edit on GitHub