If the API is using bearer authenticaton then typically the token would be inserted into the HTTP headers.
The bearer authentication token would be of the form:
Authorization: Bearer <token>
A literal value for this header can be added to the request made by the HTTP node using the 'Header' property of the node. However, it may be more appropriate to obtain the value(s) for the header(s) to be included in the request from an input field - you can select the '(from field)' source option and specify the field on the input that contains the header information.
If the token is to be included in the HTTP URL then the URL would normally be constructed to have the form:
https://my-rest-api-service.com/api/endpoint?authtoken=<token>&other-attribute=something
You can construct the URL and pass that into the HTTP node in a specified input field.
The data flow attached to this article provides an example of the exercising the Analyze REST API using a token (the 'ltk' attribute)
https://support.infogix.com/hc/en-us/articles/360025961593-Using-the-REST-API-in-Data360-Analyze