All REST API calls have to be authenticated with a valid Grape admin account. User Authentication is not enough as the rest api is allowed to manage resources directly on server level (Cross Organization).
There are three ways to authenticate and it depends on your needs what you use.
HTTP Basic Authentication
Session Authentication (only for the interactive swagger docs).