The REST API documentation suggests passing the access token as a URL parameter:
https://developers.zenodo.org/#quickstart-upload:~:text=deposit/depositions%27%2C-,params%3D%7B%27access_token%27%3A%20ACCESS_TOKEN%7D,-)%0Ar.
While this might be handy to have when one doesn't have access to a developer environment (as one can issue authorized GET calls in a browser), I understand that secrets should generally not be passed via URL query parameters.
The reasons are discussed here: https://blog.httpwatch.com/2009/02/20/how-secure-are-query-strings-over-https/
Given that it's already possible to pass the access token via headers, I would propose to change the documentation to recommend this way instead.
I hope this is the correct place to suggest this.
An example with python and the `httpx` package:
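The following is an added example, not code from the original issue or from the Zenodo documentation. It shows one reason secrets are kept out of query strings: the request line is what a web server writes to its access log, while headers normally are not logged. It uses the standard library (`urllib.request` instead of `httpx`) against a local stand-in server; the token value, the `LoggingHandler` class and the `Bearer` scheme are assumptions made for the demonstration.

```python
import http.server
import threading
import urllib.request

TOKEN = "CONSTRUCTED-TOKEN-123"    # constructed sample value, not a real token
PATH = "/api/deposit/depositions"  # endpoint path from the quickstart linked above


class LoggingHandler(http.server.BaseHTTPRequestHandler):
    """Hypothetical stand-in server that keeps an access log in memory."""
    access_log = []

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Length", "2")
        self.end_headers()
        self.wfile.write(b"[]")

    def log_message(self, fmt, *args):
        # Standard access-log entry: request line, status, size. No headers.
        self.access_log.append(fmt % args)


def run_demo():
    """Send the same GET both ways and return the access-log lines produced."""
    LoggingHandler.access_log = []
    server = http.server.HTTPServer(("127.0.0.1", 0), LoggingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}{PATH}"
    # Ignore any proxy configured in the environment; the target is local.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        # 1) Token in the query string: it becomes part of the request line.
        opener.open(f"{base}?access_token={TOKEN}").read()
        # 2) Token in the Authorization header: the URL carries no secret.
        req = urllib.request.Request(
            base, headers={"Authorization": f"Bearer {TOKEN}"})
        opener.open(req).read()
    finally:
        server.shutdown()
        server.server_close()
    return list(LoggingHandler.access_log)


if __name__ == "__main__":
    for line in run_demo():
        print("TOKEN IN LOG " if TOKEN in line else "no token     ", line)
```
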