What’s a Bearer Token and why do I need it!

Lets first explain what a bearer token is used for ?

what is a bearer token?

Bearer Token is a security token with the property that any party in possession of the token (a “bearer”) can use the token in any way that any other party in possession of it can. Using a bearer token does not require a bearer to prove possession of cryptographic key material (proof-of-possession).

Access tokens are used in token-based authentication to allow an application to access an API. 

Note: Bearer Tokens are time sensitive and do expire frequently (matter of minutes)

What is an API ?

Wikipedia defines an API as “a computing interface that defines interactions between multiple software intermediaries. It defines the kinds of calls or requests that can be made, how to make them, the data formats that should be used, the conventions to follow, etc.”

APIs allow us to automate repetitive administrative tasks, capture complex configuration as code, and create whole new applications that build on existing services

Citrix Cloud and API’s

When working with Citrix Cloud and API’s a Bearer Token is often required in the OAuth authentication process. There are some great explanations on Citrix Docs on API integration on the links below



Creating a bearer token

In this blog I will step through the process of creating a bearer token using the citrix.com developer site

Open the following URL


Click on SettingsController

Click Invoke API

Enter the Customer ID (Can be found in the Citrix Admin console /Accounts settings)

Choose the option for Generate here

You are now prompted for the Client ID and Secret Key

click execute and see that the bearer token is available to copy and use.

Please note that bearer tokens are time sensitive and expire in minutes.

An Example: Enrolling WEM agents using a Bearer token

When working with WEM enrollment in a connectorless deployment, you can choose to enroll via a method that requires the Bearer Token as per the Citrix Docs


The following command utilized the bearer token to successfully enroll in a WEM agent.

  • Citrix.Wem.Agent.EnrollmentUtility.exe enroll –customer “dcint3XXXX” –bearer “add your token here” –url “api.wem.cloud.com

I can see that I have successfully enrolled in WEM using a bearer token and not a Client ID.

There are lots of other ways to create a bearer token, but I find this the easiest and most simple way to do it.

BT for extracting System Logs :

System Logs https://developer.cloud.com/citrix-cloud/citrix-cloud—systemlog/apis/Records/GetRecords


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.