Opinions needed on web security and Tokens

Hi everyone. I would like peoples opinion on the level of security achieved via the following cloud access methods. according to the users guide, you can pass you token to the cloud in one of 3 ways:

There are three ways to send your access token in a request.

  1. In an HTTP Authorization header (always works)
  2. In the URL query string (only works with GET requests)
  3. In the request body (only works for POST & PUT when body is URL-encoded)

I have created 3 Curl commands to implement each option. each command performs a different task, but the token is passed as described above.

  1. curl -H “Authorization: Bearer (token)” https://api.particle.io/v1/devices/(id)/digitalwrite -d “arg=D7,HIGH”
  2. curl https://api.particle.io/v1/devices/events?access_token=(token)
  3. curl https://api.particle.io/v1/devices/(id)/led -d “arg=off” -d access_token=(token)

Now, let’s ignore the pre-internet security (things like browser logs, local net sniffing, etc) and focus on just the https transfer between my server and particles server. Is any one of these methods more or less secure than the others?

My research shows that they are all relatively secure, but -H option is a little harder to intercept. Plus I am FAR from a security expert.

What are peoples thoughts on the matter?

Thanks for your time!

In my opinion and In this context, considering that is made use of secure connection SSL / TLS, you can make use of the method you prefer. Basically, it creates a secure channel between the client and the server before sending any information.