All API calls require you to add a personal access token. A new personal access token can be created in your intermediary dashboard.
Personal access tokens can access all data from your account and are only shown once. Please make sure you store the token in a secure place. If your token somehow gets compromised you have the ability to revoke the personal access token in the token overview in your dashboard.