I use bearer tokens in my current framework. I send a get request to special API endpoint by providing valid credentials, then it will return Access Token. I use that token in my request header and access other API endpoints