You can call Crisalix API's by including either an access_token query parameter or an Authorization: Bearer HTTP header.
When possible, the HTTP header is preferable, because query strings tend to be visible in server logs.
HTTP GET examples
GET /patients HTTP/1.1
Authorization: Bearer <access_token>
Host: api3d.crisalix.com
Here is a call to the same API for the authenticated user using the access_token query string parameter:
GET https://api3d.crisalix.com/patients?access_token=<access_token>