Bearer Token Authentication

RE: Bearer Token Authentication

Beena Venugopal — Fri, 10 Apr 2026 11:41:06 GMT

Does this generate new token for each API call? Can you please tell me whats "GenerateBearerToken" doing exactly?

RE: Bearer Token Authentication

Mike Schmitt — Wed, 04 Dec 2024 16:18:21 GMT

So this just gets a new token for each API call?

RE: Bearer Token Authentication

Mathieu Drouin — Wed, 27 Nov 2024 23:10:17 GMT

I've had instances where you need to generate a JWT for a system that does not have a pre-configured CS or the CS doesn't support certain methods and I want to use a pure HTTPS integration.

This is usually how I handle it.

RE: Bearer Token Authentication

Mike Schmitt — Wed, 27 Nov 2024 15:58:39 GMT

Ironically I was just working on this issue yesterday and at least for my system, found the correct syntax is passing the header name "Authorization" and value "Bearer *******" where *** = the token string itself (no quotes or single quotes or anything in the evaluated string of course).

This might vary by system though - for instance, the "bullhorn" personnel system requires the header name to be "BhRestToken" and the token is passed in plainly. Other systems might have different configurations that override the normal default, AFAIK.

RE: Bearer Token Authentication

Stefan Helzle — Wed, 27 Nov 2024 15:56:15 GMT

That's the correct way. As I describer above, I had an issue with some additional spaces, coming from copy&paste actions. Once cleaned up, the syntax "Bearer jasfz793qgfuaigfu99393" with exactly a single space works.

RE: Bearer Token Authentication

GauravSingh — Wed, 27 Nov 2024 15:49:44 GMT

What should the authentication option that we must select to configure in the CS?

Earlier I thought of using the API key once where Header Name I have put as "Authorization" and in the Value I used "Bearer 'Tokenvalue' " , but unfortunately it didn't worked.

The token that has been shared is a non-expiring once.

RE: Bearer Token Authentication

Stefan Helzle — Wed, 27 Nov 2024 07:55:24 GMT

Yes, I implemented something similar in the past. Just wanted to point out that skipping auth in the CS for no reason might be a bad idea to start with.

RE: Bearer Token Authentication

Mike Schmitt — Tue, 26 Nov 2024 21:43:49 GMT

[quote userid="274702" url="~/discussions/f/integrations/38040/bearer-token-authentication/143096"]Why did you not configure authentication in the CS? That's exactly the right place to do this! I frequently just but the string made of "Bearer + key" into the CS. [/quote]

In the case of the thing I'm trying to build now, I'm not sure this setup will work (though i'd love to be wrong here), as the bearer token is accessed by a call utilizing client id/secret AND username/password, and expires after 24 hours. The added kicker is the target system (guardian) requires the credentials to be sent over ONLY via "url encoded" format (no other formats will even remotely work), so that seems to completely break the autiomated oauth/connected system approach too. So we're stuck manually constructing the call using a cobbled-together url string and figuring out somewhere to store the daily authentication tokens, and refresh them (presumably by some daily process) all by manual construction.

RE: Bearer Token Authentication

Stefan Helzle — Tue, 26 Nov 2024 06:34:36 GMT

Why did you not configure authentication in the CS? That's exactly the right place to do this! I frequently just but the string made of "Bearer + key" into the CS. But I learned that I sometimes had a leading or trailing space in that string, which broke it.

When you create an Appian dictionary in the body section, Appian will automatically turn it into JSON. There is no need for an additional a!toJson call.

RE: Bearer Token Authentication

GauravSingh — Mon, 25 Nov 2024 19:01:01 GMT

Hi Stefan,

Thank you for your response,

I was trying to use the bearer token in the connected system which seems to be impossible hence I have configured the Integration object to have Authentication as "NONE" and configured the token in the Header section of the integration object as in below screen shots.

I was trying to put the exact Json in the body which was throwing error. After converting the JSON to Dictionary and using a!toJson on it has resolved the issue.

RE: Bearer Token Authentication

Stefan Helzle — Mon, 25 Nov 2024 17:16:05 GMT

For that JSON like structure, I highly suggest to use the correct Appian dictionary syntax. Appian will then turn it into JSON automatically.

[quote userid="64530" url="~/discussions/f/integrations/38040/bearer-token-authentication"]Kindly suggest if Appian can use such bearer token Authorize the API calls or not if yes then can we use it in our connected system or not, for now I have used it directly in the integration object as header but its not working.[/quote]

Sure, Appian does support Bearer authentication. Just check the docs. What exactly does "not working" mean?