...

To enable token authentication, a few configuration settings must be added to /usr/local/omk/conf/opCommon.nmis for legacy modules or /usr/local/omk/conf/opCommon.json for current:

1. One or more shared keys must be set up in auth_token_key,
2. optionally, the maximum validity for tokens may be specified in auth_token_maxage,
3. and finally, the authentication method token must be added as one of the three supported authentication methods.

...

Once the client has accessed the first page, they have been issued auth cookies and all standard URLs work without the token string in the URL.  You will want to consider how the user is handled to re-authenticate them if the session expires.

Using the token based authentication in the header

We can make API requests against the Opmantek product by passing your generated token within the header of your request.

Authorization: Token <data>

Token Content and Interoperability Notes

...