I understand that HTTP-header based authorization you need to create an Authorization header with your key value pairs, while in non header based authorization you simply create a query string with your key value pairs but I have 2 questions
1-When would you use one way over another?
2- Are there any rules in regards to POST vs GET for either method? i.e. if using header based authorization do you HAVE TO use a POST request?