Minecraft bearer token wiki

About

A Minecraft bearer token is a JWT token used to authenticate with Minecraft's private API, which allows you to do stuff like change your skin, change your username or even join servers! Bearer tokens last 24 hours.

Security

Note that this only lists current security risks, since most security risks have been removed after Minecraft's switch to Microsoft accounts. (for example: accessing your credit card information, changing your account's email, password and security questions, etc.)

Bearer tokens last 24 hours.Bearer tokens can't change account email or password
_{Bearer tokens do not provide the ability to change the associated Microsoft account email or password. To do that, the thief would need access to your Microsoft account itself (i.e., your email and password, or 2FA).}Change account's skin
_{A malicious actor can upload a harmful or offensive skin under your name, which could result in consequences if used on public servers.}Change account's username
_{A malicious actor can change your username to something harmful or offensive, which could result in consequences if used on public servers.}Join servers
_{A malicious actor can join servers and possibly get you banned or face consequences on server by breaking server's rules. It can be huge issue on servers with server economy like Hypixel Skyblock, etc.}

How to obtain your bearer token

• Sign in to your Minecraft account at minecraft.net
• Right click anywhere on the website and click inspect element
• Go to the "console" tab
• Drag following text to your browser's URL shortcuts bar(bookmark), and click it.
(Or alternatively, copy the text and paste it into the console.)

console.log(`; ${document.cookie}`.split(`; bearer_token=`).pop().split(';').shift())

• Copy the bearer token that it shows in the console

Minecraft bearer token documentation

Note: certain information is outdated.

Mojang API Docs on gapple.pw