That is 100% the correct way to use a bearer token.
There are additional steps often done to provide more security. Usually pertaining to how the user gets that token, and how that token is validated.
Here is Client Credential method.
But there are plenty of different ways to slice the apple 