All API's require a X-API header which provides a key, provided via the GEN Portal and allows the use of ALL GEN APIs. This key identifies YOU as the requester, and should only ever be used server side. 

--header 'X-API-Key: 4590yws45hjw45yw45w4y5'

If you need to use these APIs clientside, then you will need to implement a server-side proxy and implement your own CSRF or other token based authentication to protect it.