REST API Authorization
Each request must include a bearer HTTP authentication header. Authentication tokens are created in the section Account Management — Access to API — REST API and can only be restricted by specific access levels - scope:
In the example on the screenshot, an authorization token is created, and when used, requests are made on behalf of the employee Vladislav Ivanov (i.e., requests for tasks only the contacts available to him).
If API access is required with the ability to modify all contacts, then a robot should be used for these purposes.
The bearer authorization header looks like this:
The authorization token is passed as a parameter for GET requests: access_token.