Authentication is done via a token in the Authorization request header:
Authorization: Token <token>
The token is stored in the API_TOKEN environment variable.
The server will respond with 401 Unauthorized if the token provided in the request is invalid.