It is needed because the full authorization string required by vCita has to follow that format. The trick is to see how they perform a request in the Request Headers part of your screenshot above.
Every API has their own way of authorizing user. Stripe and Sendgrid use “Bearer” as the keyword. vCita, in this case, uses “Token”. Hence it’s not about the performance, it’s just the requirement of the API.