The most secure and recommended method is to pass your access token in an
Authorization: Bearer <<apiKey>>
For easier debugging and specific applications, it can be helpful to pass your token in the URL:
This is potentially less secure.
We recommend not passing your access token in the URL on insecure networks or behind VPNs where traffic logs could potentially be snooped.