API keys have been around for a long time without needing the prefix. I could understand the Bearer prefix when using JWT-style tokens. I could also see using it if there were indeed an Oauth flow involved. But in this case just seems like a nuisance.