I understand that HTTP-header based authorization you need to create an Authorization header with your key value pairs, while in non header based authorization you simply create a query string with your key value pairs but I have 2 questions
1-When would you use one way over another?
and
2- Are there any rules in regards to POST vs GET for either method? ie if using header based authorization do you HAVE TO use a POST request?
