September 10, 2021

basic vs bearer authentication

Basic auth

Authorization: Basic xxxx

The xxxx value is the Base64 encoding of username:password.

  • Base64 is an encoding, not encryption, so the username and password are effectively passed as clear text and the Basic auth scheme is not secure on its own. HTTPS should be used in conjunction.

Bearer auth (token auth)

Authorization: Bearer xxxx

The bearer token is a cryptic string generated by the server; the name can be understood as "give access to the bearer of this token".

  • Should also be used over HTTPS. Anyone with your token can gain access.
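
To make the difference concrete, here is an added example (not part of the original post) that parses both header forms: the Basic value decodes straight back to the username and password with no key, while the Bearer value stays an opaque string. The function names `parse_authorization` and `basic_header` and the sample credentials are constructed for illustration.

```python
import base64
import binascii


def parse_authorization(header):
    """Return (scheme, credentials) for a Basic or Bearer Authorization value."""
    scheme, _, value = header.strip().partition(" ")
    scheme, value = scheme.lower(), value.strip()  # scheme names are case-insensitive
    if not value:
        raise ValueError("missing credentials")

    if scheme == "basic":
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise ValueError("invalid Base64 in Basic credentials") from exc
        # Split on the first colon only: the password may itself contain ':'.
        username, sep, password = decoded.partition(":")
        if not sep:
            raise ValueError("Basic credentials lack the ':' separator")
        return scheme, (username, password)

    if scheme == "bearer":
        # Opaque to the client; only the issuing server knows what it grants.
        if " " in value:
            raise ValueError("bearer token must not contain spaces")
        return scheme, value

    raise ValueError(f"unsupported scheme: {scheme!r}")


def basic_header(username, password):
    """Build the header value a client sends for Basic auth."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    hdr = basic_header("alice", "s3cr:et")
    print(hdr)
    print(parse_authorization(hdr))
    print(parse_authorization("Bearer constructed-sample-token"))
```

Anything that can read the header, such as a proxy log or a packet capture on a plain-HTTP connection, can run the same decode, which is why both schemes depend on HTTPS.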