Under heavy development
StitchAPI
GuidesAuth

bearer

Attach a bearer token resolved at call time from an env var or the keychain.

Use bearer when an API authenticates with a token sent as Authorization: Bearer <token>, and you want the token resolved at call time so the secret stays out of your code and out of the caller's hands.

Example

import { , ,  } from 'stitchapi';

const  = ({
    : 'https://api.example.com',
    : '/me',
    : (('API_TOKEN')),
});

The token is read each time me() runs, so a rotated secret takes effect on the next call with no rewiring.

Options

bearer accepts either a literal string or a resolver thunk (() => string). Strongly prefer a resolver: it reads the secret per call from the environment or the keychain, so nothing is committed and the stitch hands callers a capability, not the credential — see Capability, not credential.

Use env('API_TOKEN') for an environment variable or keychain('API_TOKEN') for the spike keychain; both return a thunk resolved at call time. See Reference → Auth strategies for the full auth table.

Passing a literal string bakes the secret into your source. Reach for a resolver unless the token is a non-secret placeholder.

See also

Secret resolvers

Capability, not credential

Auth strategies

.with() partial application

Pre-bind part of a call and reuse the same runtime so cookies, throttle, and sessions persist.

apiKey

Send an API key as a header or query parameter, resolved at call time.

On this page

ExampleOptionsSee also