All protected API routes are secured with a bearer token. To access a protected route, an "Authorization" header has to be appended with the content "Bearer <token>". A valid token can be retrieved by calling the login API.