The authentication is based on Jira's REST API authentication, so you can use HTTP basic authentication using some your user credentials.
Jira allows you to create Personal Access Tokens, which TDO also can use. These tokens can be created in the user's profile section in Jira and have an expiration date; they can also be revoked at any moment (more information here).
To use them in Jira's and in Xray TDO’s REST API calls, we need to use the HTTP header "Authorization" with the "Bearer <token><yourToken>" value. Here is an example:
curl -H "Authorization: Bearer <yourToken>" https://{baseUrlOfYourInstance}/rest/api/content