API requests are authenticated using JWT Bearer tokens. You can get a token from the sign in endpoint.
Make sure you pass the token in the Authorization header of your requests:
Authorization
'Authorization': 'Bearer <access_token>'
NextAPI use Supabase as authentication provider. You can read more about Supabase authentication here.