All requests require basic authentication. To make a proper request, you must set the authorization header of your request and supply the generated string. The string is your personal key and token with a colon ("demokey:demotoken") converted to a base-64 string. For example...
"demokey:demotoken".to_base64 is ZGVtb2tleTpkZW1vdG9rZW4=
Then, place the string into the authorization header of your HTTP requests...
GET /api/v2/orders HTTP/1.1 Host: app.fetchapp.com Authorization: Basic ZGVtb2tleTpkZW1vdG9rZW4= Content-Type: application/xml
** Please make sure to set the Content-Type header to 'application/xml'. **