We currently treat access tokens and bearer tokens differently. We did have a discussion about treating bearer tokens the same as access tokens but it has not been implemented. So currently you have to pass access tokens in the url as a parameter and a bearer token in the headers as an Authorization header.
You can use both of them for the same app but the way to create them is different.
