Would this help you? https://docs.mendix.com/refguide/call-rest-action#3-http-headers
In the rest services you could select `Custom` authentication
The headers are available in the custom flow, you can do all kind of things you probably need.
Alternative you, set it to no authentication, and implement something in side the exposed microflow, as this can also access header information.
Please let me know if this works for you too.
As explained by Andries, you can use custom authentication in your published REST API.
If you want to use tokens as authentication/authorisation, you need a token server. Do you want to use an external token server, like Azure or Google? Then you need to build logic to verify the token, either by a REST call to the identity provider or by verifying the token yourself and check the certificate. Don't forget to implement authorisation, for example using the claims in a token.
Or do you want to generate your own tokens? Most used are JWT (Json Web Tokens). You could take a look to the JWT-module in the appstore to build this functionality. This module can also help to locally verify tokens, like the website jwt.io shows.
Good luck and let us know what you did!