Basic HTTP Authentication or Cookie-based authentication are mandatory when accessing almost all URLs (explicitly documented if it is not the case). The authentication cookie is generated after a basic HTTP authentication and has a limited life-time (generally 1 hour or until the end of the session). Note that cookie’s content is encrypted.
A typical authenticated request using curl would look like this:
curl --user admin:secret ...
where ‘admin’ is the username and ‘secret’ the password.