Every request must include a Authorization: Bearer <token> HTTP header, where <token> is the Joomla API Bearer token copied from the user account.
Requests that read or write JSON must also include:
Accept: application/vnd.api+json — tells Joomla to return a JSON:API response.
Content-Type: application/json — required on POST and PATCH requests that send a JSON body (not needed for multipart file uploads).