Reputation: 1434
The OPTIONAL realm parameter is added and interpreted per [RFC2617], section 1.2. [OAuth 1.0]
What is the difference between a request with and without a realm field?
Upvotes: 9
Views: 14514
Reputation: 17228
The authentication parameter realm is defined for all authentication schemes:
realm = "realm" "=" realm-value
realm-value = quoted-string
The realm directive (case-insensitive) is required for all authentication schemes that issue a challenge. The realm value (case-sensitive), in combination with the canonical root URL (the absoluteURI for the server whose abs_path is empty; see section 5.1.2 of [2]) of the server being accessed, defines the protection space. These realms allow the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization database. The realm value is a string, generally assigned by the origin server, which may have additional semantics specific to the authentication scheme. Note that there may be multiple challenges with the same auth-scheme but different realms.
Source: https://www.rfc-editor.org/rfc/rfc2617
Upvotes: 1
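The protection-space rule quoted in the answer above, as an added example that is not part of the original answer or of any library: it derives the (canonical root URL, realm) pair from a challenge and scopes cached credentials to it. The function and class names are hypothetical, the auth-param grammar is simplified, one challenge per header value is assumed, and the URLs, realms and tokens are constructed.

```python
import re
from urllib.parse import urlsplit

# Simplified auth-param grammar (assumption): name "=" quoted-string or token.
_PARAM = re.compile(r'([\w-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')
_DEFAULT_PORTS = {"http": 80, "https": 443}

def parse_challenge(header_value):
    """Return (auth_scheme, params) for a single challenge."""
    scheme, _, rest = header_value.strip().partition(" ")
    params = {}
    for name, quoted, token in _PARAM.findall(rest):
        # Directive names are case-insensitive; values are kept exactly as sent.
        params[name.lower()] = token or re.sub(r"\\(.)", r"\1", quoted)
    return scheme, params

def canonical_root(url):
    """scheme://host[:port] with an empty abs_path; default ports are dropped."""
    parts = urlsplit(url)
    scheme, host, port = parts.scheme.lower(), parts.hostname.lower(), parts.port
    if port is None or port == _DEFAULT_PORTS.get(scheme):
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"

def protection_space(request_url, www_authenticate):
    """(canonical root URL, realm); realm is None when the challenge omits it."""
    _, params = parse_challenge(www_authenticate)
    return canonical_root(request_url), params.get("realm")

class CredentialCache:
    """Hypothetical client-side store: credentials are reused only inside the
    protection space they were entered for."""
    def __init__(self):
        self._store = {}

    def remember(self, request_url, challenge, credentials):
        self._store[protection_space(request_url, challenge)] = credentials

    def lookup(self, request_url, challenge):
        return self._store.get(protection_space(request_url, challenge))

if __name__ == "__main__":
    cache = CredentialCache()
    cache.remember("https://api.example.com/photos", 'OAuth realm="Photos"', "token-A")
    # Same server and realm, different path and directive case: same space.
    print(cache.lookup("https://API.example.com:443/albums", 'OAuth REALM="Photos"'))
    # Realm values are case-sensitive: "photos" is a different space.
    print(cache.lookup("https://api.example.com/photos", 'OAuth realm="photos"'))
```

Keying the cache on the pair rather than on the host alone is what keeps a credential entered for one realm from being sent in response to a challenge for another realm on the same server.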
Reputation: 8963
The Provider basically decides if this is of any importance. It is the counterpart of the WWW-authenticate response header. If a server returns a WWW-authenticate header of 'OAuth realm="https://api.example.com"' then it probably parses that value from the Authenticate request header in the OAuth process.
These headers have a more direct implication when using HTTP-basic authentication since all browsers support this.
When using OAuth and WWW-authenticate header it is mostly good form I would say. With the added benefit of not having API responses cached in proxies/nodes across the Internet.
Upvotes: 6