(quicklisp:quickload :drakma)

(let* ((drakma:*text-content-types* '(("application" . "json")))
       (token "helloworld")
       (authorization (concatenate 'string "token" " " token)))
  (drakma:http-request "https://httpbin.org/get"
                       :user-agent "my user agent"
                       :additional-headers `(("Authorization" . ,authorization))))

雰囲気でバッククォートとカンマを使ってみたらうまくいった。こういう形にしないと “Authorization: AUTHORIZATION” というヘッダが送信されてしまってうまくいかない。

token が評価された後に authorization を評価しないといけない（評価される順序が大事）なので let ではなく let* を使う。

CL-USER> (let* ((drakma:*text-content-types* '(("application" . "json")))
       (token "helloworld")
       (authorization (concatenate 'string "token" " " token)))
  (drakma:http-request "https://httpbin.org/get"
                       :user-agent "my user agent"
                       :additional-headers `(("Authorization" . ,authorization))))
"{
  \"args\": {}, 
  \"headers\": {
    \"Accept\": \"*/*\", 
    \"Authorization\": \"token helloworld\", 
    \"Connection\": \"close\", 
    \"Host\": \"httpbin.org\", 
    \"User-Agent\": \"my user agent\"
  }, 
  \"origin\": \"42.148.188.233\", 
  \"url\": \"https://httpbin.org/get\"
}
"
200
((:CONNECTION . "close") (:SERVER . "meinheld/0.6.1")
 (:DATE . "Thu, 17 Aug 2017 18:21:49 GMT") (:CONTENT-TYPE . "application/json")
 (:ACCESS-CONTROL-ALLOW-ORIGIN . "*")
 (:ACCESS-CONTROL-ALLOW-CREDENTIALS . "true") (:X-POWERED-BY . "Flask")
 (:X-PROCESSED-TIME . "0.000737905502319") (:CONTENT-LENGTH . "260")
 (:VIA . "1.1 vegur"))
#<PURI:URI https://httpbin.org/get>
#<FLEXI-STREAMS:FLEXI-IO-STREAM {100599E4A3}>
T
"OK"