It seems to me that the keys they’re talking about are specifically secret keys, as they’re issued upon completing registration and are supposed to be kept secret. So I’m not sure whether that would apply to a bearer token issued on behalf of a user. The phrasing of that section seems a little ambiguous in that regard.