Every request you make to the Web API must be authenticated by including an authorization in the header. You must supply the authorization OAuth access token in the request header of all operations.
If the token is not supplied or is invalid, the request is rejected.
For example:
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJjbGllbnRfaWQiOiJTUEVQIiwic2NvcGUiOiJTUEYiLCJzdWIiOiJGdXNpb25WaWV3ZXIiLCJhbXIiOiJwYXNzd29yZCIsImF1dGhfdGltZSI6MTQzNjk0OTAzMCwiaWRwIjoiaWRzcnYiLCJuYW1lIjoiRnVzaW9uVmlld2VyIiwiQ2xpZW50SG9zdE5hbWUiOiJyYWQiLCJpbmdyLnNlc3Npb25faWQiOiJkZjlhNTk5NTNkYjI0OGJmYTY2ODI0ZjQ4NWFlMjdjNyIsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0L3NwZmNvbmZpZ3NlcnZpY2Uvc3BmYXV0aGVudGljYXRpb24vb2F1dGgiLCJhdWQiOiJodHRwczovL2xvY2FsaG9zdC9zcGZjb25maWdzZXJ2aWNlL3NwZmF1dGhlbnRpY2F0aW9uL29hdXRoL3Jlc291cmNlcyIsImV4cCI6MTQzNjk1MjYzMCwibmJmIjoxNDM2OTQ5MDMwfQ.AU5iv6lnbM_SuLivW4d3zUHvZACALMdlmao53vbgfqho76TIRMMQQZZlaJIbo_uXawkZeDZv-dsFsm7LSSRSX6YQMg8H-GjD5cvid7OeoaitqKCjAYDcfRX60ZBQOTW6dz3iOtxKPNFnvZ_13BWundKwHFP3BHJ7oEAtX6kraI-lgosbpy9l3iDRR-pB3VZ0ttEw50yFXXadAzgSz8D6jSGqrRRDvgGUGlC76mK5bhZKsxtvb-gw7EpKSP7Cvo2Tx-tSorP9gaf2YN6GDz7uDp7xXuSpQKbaoWYTe-RbjS2xyFdA3UmbFi2w7MoMxnCJo8NZXL1YsZn6XzCOV8FfAw