Authentication is done through a token, that can be acquired through the login page. It is afterwards stored in the cookies and sent
through the Authorization header.
We are currently working on a system to allow for token generation without the exchange of passwords.
Some routes may be used without the usage of a token.