API requests are authenticated using JWT Bearer tokens. You can get a token from the sign in endpoint.
Make sure you pass the token in the Authorization header of your requests:
NextAPI use Supabase as authentication provider. You can read more about Supabase authentication here.