This is the answer from StackOverFlow
Authorization: <type> <credentials> pattern was introduced by the W3C in HTTP 1.0, and has been reused in many places since. Many web servers support multiple methods of authorization. In those cases sending just the token isn’t sufficient.
Sites that use the
Authorization : Bearer cn389ncoiwuencr
format are most likely implementing OAuth 2.0 bearer tokens.The OAuth 2.0 Authorization Framework sets a number of other requirements to keep authorization secure, for instance requiring the use of HTTPS/TLS.
If you’re integrating with a service that is using OAuth 2.0 it is a good idea to get familiar with the framework so that the flow you’re using is implemented correctly, and avoiding unnecessary vulnerabilities. There are a number of good tutorials available online.