The Bearer prefix is optional. The prefix helps identify what type of token authentication you are delivering. If there is only a bearer token to accept, most APIs simply remove "Bearer " from the Authorization header string. WeatherKit REST API seems to do this, too.
The Bearer prefix is not relevant. I tried with and without "bearer". Whenever a JWT token is used, you will get 500 Internal Server Error - the content of the JWT doesn't play a role. As soon as you omit the authentication header or write random stuff into the field, you will get 401 Unauthorized.
I think the JWT validation has a bug and crashes on each validation (explains 500).
A correctly working validation would return 401 Unauthorized when the JWT isn't valid.
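The behaviour discussed in this thread, as an added example that is not from either poster and is not Apple's code: a server-side check where every token parsing or verification failure becomes 401 and never escapes as a 500. HS256 with a constructed key and all function names are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed key; HS256 is an assumption here

def _b64url(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def verify_jwt(token: str) -> dict:
    """Return the claims, or raise ValueError for any malformed or invalid token."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")  # wrong count -> ValueError
        header = json.loads(_b64url(header_b64))
        claims = json.loads(_b64url(payload_b64))
        signature = _b64url(sig_b64)
    except (ValueError, RecursionError) as exc:
        # base64, UTF-8 and JSON errors are all ValueError subclasses
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unsupported algorithm")
    if not hmac.compare_digest(signature, _sign(f"{header_b64}.{payload_b64}")):
        raise ValueError("bad signature")
    if not isinstance(claims, dict):
        raise ValueError("claims must be a JSON object")
    return claims

def authenticate(headers: dict) -> int:
    """Map the Authorization header to 200 or 401; token errors never surface as 500."""
    value = headers.get("Authorization", "").strip()
    if value[:7].lower() == "bearer ":  # prefix stripped if present, as the thread describes
        value = value[7:].strip()
    if not value:
        return 401
    try:
        verify_jwt(value)
    except ValueError:
        return 401
    return 200

def make_token(claims: dict) -> str:
    """Build a signed token for the demo (constructed input, not a real credential)."""
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    head = enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = enc(json.dumps(claims).encode())
    return f"{head}.{body}.{enc(_sign(f'{head}.{body}'))}"
```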