Typically, we use JWT tokens for token-based authentication. For all subsequent requests to the API, the token is passed with the request, preferably in the request header.