The authentication process provides you with an access token. Most API calls need such an access token, so that they know the identity of the caller. You send the access token in the Authorization request header field, as described in RFC 6750, section 2.1. You need to use the Bearer authentication scheme to transmit the access token. For example (in plain text HTTP): GET /z HTTP/1.0 Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJfdGsiOjEsImV4cCI6MTYwMTczMTI3NSwiaWF0IjoxNjAxNzMwNjc1LCJzdWIiOiJhYmMiLCJ6aWQiOiIyMDIwMTAwMzE1MDEwMCJ9.ekhXkvn146P2bMKFQcU-bNlvgbeO6sS39hs6U5EKfjIqnSInkuHYjYAIfUqf_clYRfr6YBlX5izii8XfxV8jhg Note, that there is exactly one space character ( , U+0020) between the string Bearer and the access token: Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.ey.... If you use the curl tool, you can use the -H command line parameter to set this header field.