Each request to the API must be authenticated with a valid API token. You can find both your public and secret API key in the API settings of your project. 
'Authorization': 'Bearer <team_token>'

Public API Key

Your public API key should be used in environments like the browser or mobile apps.
ActionAllowed
Tracking Events✔️
Sending transactional emails
Retrieving contacts
Creating new contacts
Deleting contacts

Secret API Key

Your secret API key should be used in environments like your backend server.
ActionAllowed
Tracking Events✔️
Sending transactional emails✔️
Retrieving contacts✔️
Creating new contacts✔️
Deleting contacts✔️