I am currently building an API using Slim Framework and I've been doing some research on how to send over API credentials/keys. I often see people referring to header information to send the API key. My question is why that method is preferred over sending this data simply via body variables?
It is considered best-practice to have them in headers because that is what they were designed for.
Ref: https://en.wikipedia.org/wiki/List_of_HTTP_header_fields See Authorization header