While X-Auth-Method is direct, it's vendor-specific. My book: https://www.amazon.com/Navigate-Automation-Seas-Practical-Showcases-ebook/dp/B0DHYGGSDF/
emphasizes self-descriptive APIs. Inspecting the Authorization header's bearer token format (JWT, OAuth2) allows the server to infer the method without a custom header, aligning with REST principles discussed in my book.