API keys have been around for a long time without needing the prefix. I could understand the Bearer prefix when using JWT-style tokens. I could also see using it if there were indeed an OAuth flow involved. But in this case it just seems like a nuisance.
As for why it's "Bearer", here's ChatGPT's answer:
> The term "Bearer" is commonly used in the context of securities and financial instruments to refer to the person who holds or possesses a particular security or asset. In the case of OAuth 2.0, the bearer token represents the authorization that a user has granted to a client application to access their protected resources.
> By using the term "Bearer" in the Authorization header, the OAuth 2.0 specification is drawing an analogy to the financial context where a bearer bond is a type of security that is payable to whoever holds it, similar to how a bearer token can be used by anyone who possesses it to access the protected resource.
Bearer indicates the type of credential being supplied in the Authorization header. Bearer tokens are a type of credential, introduced in RFC 6750 [0]. Essentially the OpenAI API key you’re using is a form of bearer token, and that’s why the Bearer type should be included there.
Other authentication methods (like username/password or “Basic”) use the Authorization header too, but specify “Authorization: Basic <base64 encoded credentials>”.
"Authorization: Bearer $OPENAI_API_KEY"
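Added example (not part of the thread, and not OpenAI's code): a small server-side parser showing how the scheme word tells a server how to read the rest of the Authorization header, and why a bare key with no scheme is rejected. The function name, the key and the Basic credentials are constructed for illustration.

```python
import base64
import binascii
import re

# token68 / b64token syntax used for Bearer credentials (RFC 6750, section 2.1)
_TOKEN68 = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")


def parse_authorization(header_value):
    """Split an Authorization header value into (scheme, credentials).

    Returns ("bearer", token) or ("basic", (user, password)).
    Raises ValueError for malformed input or an unsupported scheme.
    """
    scheme, sep, rest = header_value.strip().partition(" ")
    rest = rest.strip()
    if not sep or not rest:
        # A bare key with no scheme lands here: the server cannot tell
        # which kind of credential it was handed.
        raise ValueError("missing scheme or credentials")
    scheme = scheme.lower()  # scheme names are case-insensitive
    if scheme == "bearer":
        if not _TOKEN68.match(rest):
            raise ValueError("bearer token is not valid token68")
        return "bearer", rest
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise ValueError("basic credentials are not valid base64") from exc
        user, colon, password = decoded.partition(":")
        if not colon:
            raise ValueError("basic credentials lack ':' separator")
        return "basic", (user, password)
    raise ValueError("unsupported scheme: " + scheme)


if __name__ == "__main__":
    # Constructed sample header values, not real credentials.
    for value in ("Bearer sk-constructed-EXAMPLE123",
                  "Basic YWxpY2U6czNjcmV0",
                  "sk-constructed-EXAMPLE123"):
        try:
            print(parse_authorization(value))
        except ValueError as err:
            print("rejected:", err)
```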