Keep credentials out of path and query strings.

Section: Authentication patterns

Do not put tokens in the URL

Avoid: GET /reports?access_token=abc123
Explanation

URLs are frequently logged, cached, and copied, making them a poor place for secrets.
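
To find tokens that have already landed in access logs, the following added example (not part of the original sheet) scans request lines for credential-bearing query parameters and redacts their values. The parameter-name list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed list of parameter names that carry credentials; extend it for your API.
SENSITIVE_PARAMS = {"access_token", "token", "api_key", "apikey", "key", "password", "secret"}

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (redacted_target, sorted names of credential parameters found)."""
    parts = urlsplit(target)
    found, pairs = set(), []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            found.add(name.lower())
            value = "REDACTED"
        pairs.append((name, value))
    if not found:
        return target, []  # leave untouched targets byte-for-byte identical
    return urlunsplit(parts._replace(query=urlencode(pairs))), sorted(found)

def scrub_log_line(line):
    """Redact credentials in the request line of one log entry; report what was found."""
    m = REQUEST_LINE.search(line)
    if not m:
        return line, []
    redacted, found = redact_target(m.group("target"))
    return line[:m.start("target")] + redacted + line[m.end("target"):], found

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /reports?access_token=abc123 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /reports?page=2&API_KEY=k-1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /reports?page=3 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        clean, found = scrub_log_line(entry)
        print(clean, "| credential params:", found or "none")
```

Any token this reports has been exposed and should be rotated; redacting the log line only limits further spread.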

Related commands

Bearer token header: Send an OAuth or JWT access token.
API key header: Send a static API key in a header.
Return 403 for insufficient role: Authenticated but lacks required permission.
Path-based versioning: Explicit major version in the URL.
Media type versioning: Negotiate version with the Accept header.
Date-based compatibility header: Pin behavior by release date.