Different endpoints authenticate requests in different ways, some add these tokens in to the request Headers and some do this via query parameters.
It’s why I wanted to do a quick check for that APIs Auth method from the documentation. If they provide a URL, that can be added straight into the app to see what needs to be filled in.
Sometimes they provide a Curl request which can also be imported into the app. That might place the Auth method into a header.
It’s not that your not using any Auth, it’s just that you’re not using the helper to do what you did straight into the URL.