diff --git a/lib/flow-typed/npm/base-64_v0.1.x.js b/lib/flow-typed/npm/base-64_v0.1.x.js
new file mode 100644
--- /dev/null
+++ b/lib/flow-typed/npm/base-64_v0.1.x.js
@@ -0,0 +1,26 @@
+// flow-typed signature: 350bbd47d9063ecee4c33220f3f6fa99
+// flow-typed version: c6154227d1/base-64_v0.1.x/flow_>=v0.25.x <=v0.103.x
+
+declare module 'base-64' {
+  declare module.exports: {
+    version: string;
+    /**
+     * This function takes a byte string (the input parameter) and encodes it according to base64.
+     * The input data must be in the form of a string containing only characters
+     * in the range from U+0000 to U+00FF, each representing a binary byte with values 0x00 to 0xFF.
+     * The base64.encode() function is designed to be fully compatible
+     * with btoa() as described in the HTML Standard.
+     * see: https://html.spec.whatwg.org/multipage/webappapis.html#dom-windowbase64-btoa
+     */
+    encode(input: string): string;
+    /**
+     * This function takes a base64-encoded string (the input parameter) and decodes it.
+     * The return value is in the form of a string containing only characters in
+     * the range from U+0000 to U+00FF, each representing a binary byte with values 0x00 to 0xFF.
+     * The base64.decode() function is designed to be fully compatible
+     * with atob() as described in the HTML Standard.
+     * see: https://html.spec.whatwg.org/multipage/webappapis.html#dom-windowbase64-atob
+     */
+    decode(input: string): string;
+  };
+}
diff --git a/lib/package.json b/lib/package.json
--- a/lib/package.json
+++ b/lib/package.json
@@ -37,6 +37,7 @@
   "dependencies": {
     "@commapp/olm": "0.1.0",
     "@rainbow-me/rainbowkit": "^1.1.1",
+    "base-64": "^0.1.0",
     "dateformat": "^3.0.3",
     "emoji-regex": "^10.2.1",
     "eth-ens-namehash": "^2.0.8",
diff --git a/lib/utils/services-utils.js b/lib/utils/services-utils.js
--- a/lib/utils/services-utils.js
+++ b/lib/utils/services-utils.js
@@ -1,5 +1,9 @@
 // @flow
 
+import base64 from 'base-64';
+
+import type { AuthMetadata } from '../shared/identity-client-context.js';
+
 const usingCommServicesAccessToken = false;
 
 function handleHTTPResponseError(response: Response): void {
@@ -9,4 +13,16 @@
   }
 }
 
-export { handleHTTPResponseError, usingCommServicesAccessToken };
+function createHTTPAuthorizationHeader(authMetadata: AuthMetadata): string {
+  // explicit destructure to make it future-proof
+  const { userID, deviceID, accessToken } = authMetadata;
+  const payload = JSON.stringify({ userID, deviceID, accessToken });
+  const base64EncodedPayload = base64.encode(payload);
+  return `Bearer ${base64EncodedPayload}`;
+}
+
+export {
+  handleHTTPResponseError,
+  usingCommServicesAccessToken,
+  createHTTPAuthorizationHeader,
+};
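Review bot: `base64.encode(payload)` in createHTTPAuthorizationHeader will throw if `userID`, `deviceID` or `accessToken` ever contains a character above U+00FF. The libdef added in this same commit documents that encode() accepts only U+0000–U+00FF input, and JSON.stringify leaves such characters unescaped. If these fields are guaranteed ASCII, record that above the call, e.g. `// base-64 is btoa-compatible: payload must be Latin-1; IDs and tokens are assumed ASCII`; otherwise convert the payload to UTF-8 bytes before encoding. The function would also benefit from a docstring stating that the header is only base64-encoded, not encrypted, so the returned string carries the raw access token and should be kept out of logs and error reports. If AuthMetadata permits absent fields (the type is not visible in this diff), JSON.stringify would silently drop them, so a guard may be needed before building the payload.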
diff --git a/lib/utils/services-utils.test.js b/lib/utils/services-utils.test.js
new file mode 100644
--- /dev/null
+++ b/lib/utils/services-utils.test.js
@@ -0,0 +1,21 @@
+// @flow
+
+import base64 from 'base-64';
+
+import { createHTTPAuthorizationHeader } from './services-utils.js';
+
+describe('createHTTPAuthorizationHeader', () => {
+  it('should return a Bearer token with base64-encoded payload', () => {
+    const authMetadata = {
+      userID: 'foo',
+      deviceID: 'bar',
+      accessToken: 'baz',
+    };
+    const expectedHeader = `Bearer ${base64.encode(
+      JSON.stringify(authMetadata),
+    )}`;
+
+    const result = createHTTPAuthorizationHeader(authMetadata);
+    expect(result).toBe(expectedHeader);
+  });
+});
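Review bot: The single test derives `expectedHeader` with the same `base64.encode(JSON.stringify(...))` expression as the implementation, so it would still pass if both sides changed together and it pins nothing about the wire format. Decoding the result and comparing it to a literal object checks the contract independently: `const payload = JSON.parse(base64.decode(result.slice('Bearer '.length)));` followed by `expect(payload).toEqual({ userID: 'foo', deviceID: 'bar', accessToken: 'baz' });`. The "explicit destructure" comment in services-utils.js implies that extra properties on the metadata must not reach the header, but no case covers that. A second case passing an object with an additional field, if Flow's typing of AuthMetadata allows it, would lock that behaviour in.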