Endpoints that require authentication accept a bearer token via
Authorization.
curl -sS \
-H "Authorization: Bearer $TOKEN" \
https://api.example.tld/v1/meNotes
Tokens should be scoped to a service and rotated periodically. If a token leaks, revoke and rotate instead of adding complex client-side workarounds.