I’m not sure I understand your question entirely. But normally the APIs would expect a certain header / cookie key to be present in the request from which they would get the access token