As an app developer, you need to include an access token in any request to Apigee for a protected resource (an API that is protected with a VerifyAccessToken policy). Note that access tokens are also called bearer tokens.
Sending an access token in a request
When you put a VerifyAccessToken policy at the front of your API proxy flow, apps must present a verifiable access token (also called a bearer token) to consume your API. To do this, the app sends the access token in the request as an Authorization HTTP header.
Apigee will verify that the access token presented is valid, and then grant access to the API, returning the response to the app that made the request.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-04-24 UTC."],[[["This content applies to both Apigee and Apigee hybrid platforms."],["App developers must include an access token, also referred to as a bearer token, in requests to access protected resources on Apigee."],["The access token is sent in the request as an Authorization HTTP header."],["Apigee verifies the validity of the presented access token before granting API access and returning a response."]]],[]]
