Authentication Security Best Practices
bearer-token-cleartext
Guidance
Bearer tokens from OAuth 2.0 authorization flows are transported in the clear over an unencrypted channel.
Attackers can easily intercept API calls and retrieve the unencrypted tokens. They can then use the tokens to
make other API calls.
Applies to Operation
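
One way to check for this condition, as an added example that is not part of the original guidance. It assumes the API is described by an OpenAPI 3 document (the page names no format) and lists every operation that accepts an OAuth 2.0 token while reachable through an http:// server URL. The sample document, host names and the function name cleartext_bearer_operations are constructed for illustration.

```python
# Added example: find operations where an OAuth 2.0 bearer token would be sent over http://.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

SAMPLE_SPEC = {  # constructed sample document, not a real API
    "openapi": "3.0.3",
    "servers": [{"url": "http://api.example.test/v1"}],
    "components": {"securitySchemes": {
        "oauth": {"type": "oauth2", "flows": {"clientCredentials": {
            "tokenUrl": "https://auth.example.test/token", "scopes": {}}}},
        "key": {"type": "apiKey", "in": "header", "name": "X-Key"},
    }},
    "security": [{"oauth": []}],
    "paths": {
        "/orders": {
            "get": {"responses": {}},  # inherits the oauth requirement and the http server
            "post": {"servers": [{"url": "https://api.example.test/v1"}],
                     "responses": {}},  # operation-level https override
        },
        "/health": {"get": {"security": [], "responses": {}}},  # explicitly no auth
        "/reports": {"get": {"security": [{"key": []}], "responses": {}}},  # not OAuth
    },
}


def cleartext_bearer_operations(spec):
    """Return sorted (METHOD, path, server_url) tuples that expose OAuth 2.0 tokens."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    oauth_names = {name for name, s in schemes.items() if s.get("type") == "oauth2"}
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters" or "servers"
            # Operation-level values override path-level, then document-level ones.
            security = op.get("security", spec.get("security", []))
            servers = op.get("servers") or item.get("servers") or spec.get("servers", [])
            if not any(oauth_names & set(req) for req in security):
                continue  # this operation never receives an OAuth 2.0 token
            for server in servers:
                url = server.get("url", "")
                if url.lower().startswith("http://"):
                    findings.append((method.upper(), path, url))
    return sorted(findings)


if __name__ == "__main__":
    for finding in cleartext_bearer_operations(SAMPLE_SPEC):
        print("bearer token in cleartext:", *finding)
```

Switching the affected server URL to https:// clears the finding for every operation that inherits it.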