/Knowledge/sources/honojs__hono/llms-full/bearer-auth-middleware-usage--part-02--21208846c880.md
Bearer Auth Middleware: Usage (part 02) - hono-docs
Bearer Auth Middleware: Usage (part 02) Source evidence: /Sources/honojs hono/provenance.md Canonical citation: https://hono.dev/llms full.txt usage Summary...
Bearer Auth Middleware: Usage (part 02)
Source evidence: /Sources/honojs__hono/provenance.md Canonical citation: https://hono.dev/llms-full.txt#usage
Summary
To implement multiple tokens (E.g., any valid token can read but create/update/delete are restricted to a privileged token): ```ts const app = new Hono() const readToken = 'read' const privilegedToken = 'read+write' const privilegedMetho...
Content
To implement multiple tokens (E.g., any valid token can read but create/update/delete are restricted to a privileged token):
const app = new Hono()
const readToken = 'read'
const privilegedToken = 'read+write'
const privilegedMethods = ['POST', 'PUT', 'PATCH', 'DELETE']
app.on('GET', '/api/page/*', async (c, next) => {
// List of valid tokens
const bearer = bearerAuth({ token: [readToken, privilegedToken] })
return bearer(c, next)
})
app.on(privilegedMethods, '/api/page/*', async (c, next) => {
// Single valid privileged token
const bearer = bearerAuth({ token: privilegedToken })
return bearer(c, next)
})
// Define handlers for GET, POST, etc.
If you want to verify the value of the token yourself, specify the verifyToken option; returning true means it is accepted.
Metadata
{
"chunk_index": 1,
"citation": "https://hono.dev/llms-full.txt#usage",
"coverage_role": "overview",
"qualified_title": "Hono / llms-full / Bearer Auth Middleware > Usage (2)",
"retrieved_at": "2026-07-02T05:51:01Z",
"section_index": 250,
"source_id": "/honojs/hono",
"source_type": "llms_full",
"target_label": "llms-full",
"title": "Bearer Auth Middleware: Usage (part 02)",
"upstream_url": "https://hono.dev/llms-full.txt",
"version": "2026"
}