API authentication takes place by requesting a bearer token from the WMDA Azure AD as explained here: