Hi Niels,
I expect you will want to better understand what they are actually asking for. It sounds like they are assuming that "Bearer" means something, and I'm not sure that you (or I) are on board yet with what it actually means (to them). It might be useful to understand where the token comes from, how it works, and so on.
In terms of incoming requests - there's an Authenticate embed in WebHandler which takes a token. (You're probably familiar with the one that takes user and password, used in basic authentication, but there's also one for brearer.) You can obviously add any code you like to authenticate the token in there.
In terms of what the token is, maybe you generate it - or maybe they generate it? Or maybe it's generated by a 3rd-party service (like "log in with google").
Incidentally an example of bearer token authentication is in Secwin 7. Web apps protected with Secwin 7 allow the user to "be remembered". This generates a token, which is sent to the client. This token is then sent back to the server, and evaluated as above when the user reconnects later on. but that's just an example, I don't know what your requirement actually is.
Cheers
Bruce
Topic: Bearer authentication in a webservice - how? (Read 237 times)