Should I used custom HTTP Header to pass JSON web token or HTTP Authorization
header in my RESTFul services.
I have already read Custom HTTP Authorization Header but could not understand clearly drawback, if I use header like - X-ABC-Token
.
After reading REST Authorization: Username/Password in Authorization Header vs JSON body, I feel Authorization seems good choice.
If I use HTTP Authorization then I believe I can use scheme bearer to achieve this as mentioned in rfc6750
Please suggest me what are the best ways to pass this token in each HTTP request.