Authentication Security Best Practices
bearer-token-cleartext
general > bearer-token-cleartext
Guidance
The API definition exposes an operation that authenticates with a bearer token (an OAuth 2.0 flow or an HTTP bearer security scheme) through a server whose URL uses plain http instead of https, so the token crosses the network unencrypted.
A bearer token is valid for whoever presents it. Anyone positioned on the path, such as a shared Wi-Fi network, a compromised proxy or a hostile intermediary, can read the Authorization header from an intercepted API call and replay the token in requests of their own until it expires or is revoked. RFC 6750 requires TLS for every request that carries a bearer token.
Declare only https URLs in servers, at the root, path and operation level alike, and do not keep an http URL as an alternative server, since a client that picks it sends the same token in the clear.
Message
Bearer tokens must be transported over an encrypted channel
Examples
valid
openapi: 3.0.0
info:
  title: My API
  description: This is a sample API
  version: 1.0.0
servers:
  - url: https://api.example.com/v1
invalid
openapi: 3.0.0
info:
  title: My API
  description: This is a sample API
  version: 1.0.0
servers:
  - url: http://api.example.com/v1
Applies to
Operation
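The check this rule describes, written out as an added example; this is not the page's or the audit tool's own code. It walks an OpenAPI 3.0 document already loaded into a Python dict, resolves security and servers the way OpenAPI 3 specifies (an operation-level security list replaces the document-level one and an empty list disables authentication; servers on an operation override the path item, which overrides the root), and reports every operation that accepts a bearer-type scheme (type http with scheme bearer, or type oauth2) on a server URL with the http scheme. The sample document, scheme names and hostnames are constructed for the example.

```python
# Added example: minimal checker for the bearer-token-cleartext rule.
# Not the page's or the audit tool's code; the document is assumed to be
# an OpenAPI 3.0 object already parsed into a dict (e.g. via json/yaml).
from urllib.parse import urlsplit

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")


def bearer_scheme_names(spec):
    """Names of securitySchemes whose credential is a bearer token."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    names = set()
    for name, scheme in schemes.items():
        kind = scheme.get("type")
        if kind == "oauth2":
            names.add(name)
        elif kind == "http" and scheme.get("scheme", "").lower() == "bearer":
            names.add(name)
    return names


def cleartext_server_urls(servers):
    """Server URLs (after substituting variable defaults) whose scheme is http."""
    bad = []
    for server in servers:
        url = server.get("url", "")
        # Templated URLs such as "{scheme}://host" resolve through their declared defaults.
        for var, var_spec in server.get("variables", {}).items():
            url = url.replace("{" + var + "}", str(var_spec.get("default", "")))
        if urlsplit(url).scheme.lower() == "http":
            bad.append(url)
    return bad


def find_cleartext_bearer_operations(spec):
    """Return (METHOD, path, url) for every bearer-protected operation served over http."""
    bearer = bearer_scheme_names(spec)
    root_security = spec.get("security", [])
    root_servers = spec.get("servers", [])
    findings = []
    for path, item in spec.get("paths", {}).items():
        path_servers = item.get("servers", root_servers)
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            # Operation-level security replaces the root list; [] turns auth off.
            security = op.get("security", root_security)
            # Each entry is one alternative requirement; the operation takes a
            # bearer token if any alternative names a bearer-type scheme.
            if not any(name in bearer for requirement in security for name in requirement):
                continue
            for url in cleartext_server_urls(op.get("servers", path_servers)):
                findings.append((method.upper(), path, url))
    return findings


# Constructed sample document (not from the page): one clean operation, two
# that leak the token over http, and two that use http but carry no bearer token.
SAMPLE_SPEC = {
    "openapi": "3.0.0",
    "info": {"title": "My API", "version": "1.0.0"},
    "servers": [{"url": "https://api.example.com/v1"}],
    "security": [{"bearerAuth": []}],
    "components": {
        "securitySchemes": {
            "bearerAuth": {"type": "http", "scheme": "bearer"},
            "oauth": {"type": "oauth2", "flows": {"clientCredentials": {
                "tokenUrl": "https://auth.example.com/token", "scopes": {}}}},
            "apiKeyAuth": {"type": "apiKey", "in": "header", "name": "X-API-Key"},
        }
    },
    "paths": {
        "/items": {"get": {"responses": {"200": {"description": "ok"}}}},
        "/legacy/items": {
            "servers": [{"url": "http://legacy.example.com/v1"}],
            "get": {"responses": {"200": {"description": "ok"}}},
            "head": {"security": [], "responses": {"200": {"description": "ok"}}},
        },
        "/reports": {"post": {
            "security": [{"oauth": ["reports:write"]}],
            "servers": [{"url": "{scheme}://reports.example.com",
                         "variables": {"scheme": {"default": "http"}}}],
            "responses": {"202": {"description": "accepted"}},
        }},
        "/public/catalog": {"get": {
            "security": [{"apiKeyAuth": []}],
            "servers": [{"url": "http://cdn.example.com"}],
            "responses": {"200": {"description": "ok"}},
        }},
    },
}

if __name__ == "__main__":
    for method, path, url in find_cleartext_bearer_operations(SAMPLE_SPEC):
        print(f"{method} {path}: bearer token sent in cleartext to {url}")
```

Run against the sample, the checker flags GET /legacy/items (path-level http server) and POST /reports (templated server resolving to http with an oauth2 scheme), while HEAD /legacy/items (security: [] disables the token) and GET /public/catalog (API key, not a bearer token) pass. Relative server URLs have no scheme and are not flagged here; whether they are safe depends on how the document itself is served.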