Regex to Match Bearer Token Authorization Headers

Match Bearer token authorization headers as used in HTTP Authentication. Captures the token value following the Bearer scheme keyword.

Regular Expression

/Bearer\s+([A-Za-z0-9\-._~+/]+=*)/g

Token Breakdown

Token                 Description
B                     Matches the literal character 'B'
e                     Matches the literal character 'e'
a                     Matches the literal character 'a'
r                     Matches the literal character 'r'
e                     Matches the literal character 'e'
r                     Matches the literal character 'r'
\s                    Matches any whitespace character (space, tab, newline)
+                     Matches the preceding element one or more times (greedy)
(                     Start of capturing group
[A-Za-z0-9\-._~+/]    Character class — matches any one of: A-Za-z0-9\-._~+/
+                     Matches the preceding element one or more times (greedy)
=                     Matches the literal character '='
*                     Matches the preceding element zero or more times (greedy)
)                     End of group

Detailed Explanation

This regex matches Bearer token values as used in HTTP Authorization headers for OAuth 2.0 and API authentication. Here is the token-by-token breakdown:

Bearer — Matches the literal string Bearer, the authentication scheme identifier. The HTTP Authorization header format requires the scheme name followed by the credential.

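\s+ — Matches one or more whitespace characters between the Bearer keyword and the token value. The HTTP specification requires at least one space. Because \s also matches tabs and line breaks, a match can continue onto the next line when the input spans several lines.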

( — Opens a capturing group for the token value itself.

[A-Za-z0-9\-._~+/]+ — Matches one or more characters from the token character set. This includes letters (upper and lowercase), digits, hyphens, dots, underscores, tildes, plus signs, and forward slashes. This character set covers the token68 syntax defined in RFC 7235 as well as JWT tokens and opaque access tokens used by various OAuth providers.

=* — Matches zero or more equals signs for optional Base64 padding at the end of the token.

) — Closes the capturing group.

The g flag enables global matching. Bearer tokens are the most common authentication mechanism for REST APIs and OAuth 2.0 protected resources. The token is sent in the Authorization header: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9...

This pattern is useful for extracting tokens from HTTP headers, log analysis, security auditing, and API testing tools. It captures the token in group 1 for further processing such as JWT decoding or token validation.

Example Test Strings

Input                                                           Expected
Bearer abc123def456                                             Match
Bearer eyJhbGciOiJIUzI1NiJ9.eyJ0ZXN0IjoidmFsdWUifQ.signature    Match
Basic dXNlcjpwYXNz                                              No Match
Bearer                                                          No Match
Bearer mytoken123+/=                                            Match

Try It — Interactive Tester

Match Highlighting (3 matches)

Bearer abc123def456 Bearer eyJhbGciOiJIUzI1NiJ9.eyJ0ZXN0IjoidmFsdWUifQ.signature Basic dXNlcjpwYXNz Bearer Bearer mytoken123+/=

Matches & Capture Groups

#1  Bearer abc123def456 (index 0)
    Group 1: abc123def456
#2  Bearer eyJhbGciOiJIUzI1NiJ9.eyJ0ZXN0IjoidmFsdWUifQ.signature (index 20)
    Group 1: eyJhbGciOiJIUzI1NiJ9.eyJ0ZXN0IjoidmFsdWUifQ.signature
#3  Bearer Bearer (index 100)
    Group 1: Bearer
Pattern: 32 chars | Flags: g | Matches: 3
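
Match #3 above captures the word Bearer as a token because \s+ crosses the line break after an empty credential. The JavaScript below is an added example, not part of the original page: it runs the page's pattern and a stricter, header-anchored variant over constructed log lines and redacts the tokens it finds. STRICT_PATTERN, extractTokens, redactBearerTokens and the sample lines are assumptions of this example.

```javascript
// Added example, not from the original page. All input below is constructed.
const PAGE_PATTERN = /Bearer\s+([A-Za-z0-9\-._~+/]+=*)/g;

// Stricter variant (assumption of this example: one header per line).
//  ^...$ with m : the whole line must be an Authorization header
//  [ \t]+       : the separator may not cross a line break, unlike \s+
//  i            : HTTP auth scheme names are case-insensitive
// Group 1 is the header prefix, group 2 is the token.
const STRICT_PATTERN =
  /^(Authorization:[ \t]*Bearer[ \t]+)([A-Za-z0-9\-._~+/]+=*)[ \t]*$/gim;

const SAMPLE_LOG = [
  "Authorization: Bearer abc123def456",
  "Authorization: Basic dXNlcjpwYXNz",
  "Authorization: Bearer ", // scheme with no credential
  "Authorization: Bearer mytoken123+/=",
  "authorization: bearer lower.case-scheme",
].join("\n");

// Return the chosen capture group of every match.
function extractTokens(pattern, text, group) {
  return Array.from(text.matchAll(pattern), (m) => m[group]);
}

// Replace each bearer credential so the log can be stored or shared.
function redactBearerTokens(text) {
  return text.replace(STRICT_PATTERN, "$1[REDACTED]");
}

// Page pattern: \s+ runs past the empty credential onto the next line and
// captures the header name "Authorization" as if it were a token.
console.log(extractTokens(PAGE_PATTERN, SAMPLE_LOG, 1));
// Strict pattern: only real credentials, including the lowercase scheme.
console.log(extractTokens(STRICT_PATTERN, SAMPLE_LOG, 2));
console.log(redactBearerTokens(SAMPLE_LOG));
```

The strict pattern only redacts Bearer credentials; the Basic header in the sample is left untouched and would need its own rule.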
