A valid access token (proof of identity) can be obtained via the /accesstoken endpoint. It has a 5 minutes validity period.

In: header