FazerCards Glossary
Bearer token vs API key
Two common HTTP authentication styles. FazerCards uses an API key in the X-Api-Key header, which is simpler and stable; bearer tokens are typically OAuth-issued and expire.
Bearer tokens (Authorization: Bearer <token>) are usually issued by an OAuth flow and rotate frequently — appropriate when the API consumer is an end user. API keys (X-Api-Key: <key>) are long-lived secrets owned by a server — appropriate when the consumer is a backend integration, which is FazerCards' case. The two are operationally similar but have different lifetime expectations.
Key facts
- FazerCards: X-Api-Key (server-side secret).
- OAuth bearer: user-context, short-lived.
- Rotate API keys on staff turnover.