I have a question regarding point 6: why prefer a custom header for passing API keys when we could use the standard Authorization header with the bearer scheme?
Hey Jamarob! I'm happy you liked the post - thank you. 😎
You could definitely do that - I think there's no "convention" here, just best practices.
What I usually do is use the "Authorization: Bearer {token}" format when passing JWT tokens, but use the "Api-Key: {apiKey}" format when passing API keys. It's more like a matter of taste I guess.
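As an added example (not part of the post or of either comment), here is one way a server could accept both header formats mentioned in this thread while keeping them unambiguous. The function names, the `CredentialError` class and the sample key store are assumptions made for the illustration, and JWT signature verification is left out.

```python
import hmac

# Constructed sample key store (hypothetical values): API key -> client id.
API_KEYS = {"k-demo-1234567890": "reporting-service"}


class CredentialError(Exception):
    """Raised when the request carries no usable credential."""


def extract_credential(headers):
    """Return ("jwt", token) or ("api_key", key) from a dict of request headers."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {name.lower(): value.strip() for name, value in headers.items()}
    auth = h.get("authorization")
    api_key = h.get("api-key")

    # Refuse requests that carry both, so it is never unclear which
    # credential the request was authorised with.
    if auth and api_key:
        raise CredentialError("send one credential type, not both")

    if auth:
        scheme, _, token = auth.partition(" ")
        # The scheme name is case-insensitive; the token is not.
        if scheme.lower() != "bearer" or not token.strip():
            raise CredentialError("expected 'Authorization: Bearer <token>'")
        return ("jwt", token.strip())  # signature/claims checks happen elsewhere

    if api_key:
        return ("api_key", api_key)

    raise CredentialError("no credential supplied")


def lookup_api_key(presented):
    """Return the client id for a known key, or None; compares in constant time."""
    client = None
    for known, client_id in API_KEYS.items():
        # compare_digest avoids leaking how many leading characters matched.
        if hmac.compare_digest(known.encode(), presented.encode()):
            client = client_id
    return client
```

Whichever header is used, the key is a long-lived secret, so it should be kept out of URLs and redacted from request logs.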