hasAuthorizationBearerFilter Filter

Match requests whose Authorization header carries a bearer token, so you can target OAuth and JWT traffic with surgical precision.

Bearer tokens are everywhere in modern APIs, and being able to isolate them in a capture saves real time when debugging authentication problems. The hasAuthorizationBearerFilter is the precise tool for the job: it matches only requests carrying a bearer scheme and leaves basic auth, custom signatures, and anonymous traffic alone.

When to use this filter

Use hasAuthorizationBearerFilter when a rule should only run against requests using bearer token authentication, which is the dominant pattern for OAuth 2.0 and JWT-based APIs. The filter is evaluated at request header time, so it can be combined with header rewrites, tagging, or replacement actions.

Typical scenarios:

  • Replacing an expired token across an entire capture without touching basic auth calls.
  • Tagging every bearer-authenticated exchange to triage which APIs your client touches with credentials.
  • Forwarding bearer-protected traffic through a separate upstream proxy or logging pipeline.

Real-world examples

Swap the bearer token for a debugging value

Replace every bearer token with a known test value so you can reproduce a backend issue without leaking the real one in logs.

rules:
- filter:
    typeKind: HasAuthorizationBearerFilter
  actions:
  - typeKind: AddAuthorizationBearerAction
    token: test-token-for-debugging

Tag bearer-authenticated calls for a single API

Mark OAuth-protected exchanges hitting a specific host so they stand out in the session viewer.

rules:
- filter:
    typeKind: FilterCollection
    operation: And
    children:
    - typeKind: HasAuthorizationBearerFilter
    - typeKind: HostFilter
      pattern: api.example.com
      operation: Exact
  actions:
  - typeKind: ApplyTagAction
    tag:
      value: oauth-call

Block bearer-authenticated requests to a sensitive host

Useful in a sandboxed environment where bearer tokens should never reach production endpoints.

rules:
- filter:
    typeKind: FilterCollection
    operation: And
    children:
    - typeKind: HasAuthorizationBearerFilter
    - typeKind: HostFilter
      pattern: prod-api.example.com
      operation: Exact
  actions:
  - typeKind: RejectWithStatusCodeAction
    statusCode: 403

Reference

hasAuthorizationBearerFilter

Description

Selects exchanges that have a bearer token in the Authorization header.

Evaluation scope

The evaluation scope defines when this filter is applied.

requestHeaderReceivedFromClient: This scope occurs the moment Fluxzy has parsed the request header received from the client.

YAML configuration name

hasAuthorizationBearerFilter

Settings

This filter has no specific characteristics.

The following table describes the customizable properties available for this filter:

Property | Type    | Description              | DefaultValue
inverted | boolean | Negate the filter result | false
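
The inverted property in use, as an added example that is not taken from the Fluxzy documentation: the rule tags requests to one host that arrive without a bearer token, which helps spot calls that skip token authentication. The host api.example.com and the tag value missing-bearer are placeholders, and setting inverted directly on the filter entry is assumed from the property table above.

```yaml
# Added example: tag requests to one host that carry NO bearer token.
rules:
- filter:
    typeKind: FilterCollection
    operation: And
    children:
    # inverted: true negates the filter result, so this child selects
    # requests that do not have an "Authorization: Bearer ..." header.
    # Requests using Basic or another scheme are selected too, because
    # only the bearer scheme counts as a match for this filter.
    - typeKind: HasAuthorizationBearerFilter
      inverted: true
    - typeKind: HostFilter
      pattern: api.example.com    # placeholder host
      operation: Exact
  actions:
  - typeKind: ApplyTagAction
    tag:
      value: missing-bearer       # placeholder tag name
```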

Example of usage

The following example applies a comment to the filtered exchange.

Select exchanges that have a bearer token in the Authorization header.

rules:
- filter:
    typeKind: HasAuthorizationBearerFilter
  actions:
  - typeKind: ApplyCommentAction
    comment: filter was applied

.NET reference

View definition of HasAuthorizationBearerFilter for .NET integration.

Frequently asked questions

Does it match any scheme that starts with the word Bearer?

Fluxzy looks for the Authorization header with the Bearer scheme prefix, the standard form used by OAuth 2.0 and most JWT issuers.

Will it match if Authorization is Basic or another scheme?

No. Use hasAuthorizationFilter if you want to match any Authorization scheme regardless of type.

Can I see the decoded JWT contents?

The filter only matches the presence of the bearer scheme. To decode and inspect the JWT payload, combine the filter with logging actions or use the Fluxzy desktop inspector.
