Documentation confusing regarding token authentication to package registry API

I wanted to learn about token authentication when downloading generic packages. So I started on https://docs.gitlab.com/ee/user/packages/generic_packages/#authenticate-to-the-package-registry which says:

"To authenticate to the package registry, you need either a personal access token, CI/CD job token, or deploy token. [...] Do not use authentication methods other than the methods documented here."

Scrolling down on the same page, the Download package file section suddenly speaks about project access tokens:

When clicking on the link "authenticate with the API" there, https://docs.gitlab.com/ee/api/rest/index.html#authentication tells me:

The "Deploy Tokens" link finally leads to https://docs.gitlab.com/ee/user/project/deploy_tokens/index.html saying:

I guess one needs to differentiate between Gitlab API and package registry API, and header vs. HTTP authentication, but I think some additional clarifications on the different pages would make this much clearer. If someone can tell me the exact intended behaviour, I'd be happy to provide a MR on it. :-)