tokens are passed with the Authorization http header
Authorization: Bearer <token value>
the server should verify the token is valid typically with some encrypted known value.
typically you supply an api to generate a token. a internet standard for the api is oauth:
a common bearer token format is jwt: