All requests require basic authentication. To make a proper request, you must set the authorization header of your request and supply the generated string. The string is your personal key and token with a colon ("demokey:demotoken") converted to a base-64 string. For example...

"demokey:demotoken".to_base64 is ZGVtb2tleTpkZW1vdG9rZW4=

Then, place the string into the authorization header of your HTTP requests...

GET /api/v2/orders HTTP/1.1
Host: app.fetchapp.com
Authorization: Basic ZGVtb2tleTpkZW1vdG9rZW4=
Content-Type: application/xml

** Please make sure to set the Content-Type header to 'application/xml'. **