All endpoints except root require authorization with oAuth2. You have to request a token and pass it in the header to all requests as a form. Requesting a token works like posting a form:
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Using any other resource, uses json.

🚧

POST a form to request an access token

Notice the key=value format and the -f parameter for httpie

Content-Type: application/x-www-form-urlencoded; charset=utf-8

Form example, with httpie:

$ http -f POST https://api.movintracks.io/oauth2/access_token client_id=$MT_API_KEY grant_type=password username=$MT_USERNAME password=$MT_PASSWORD

You can find your client ID (your API Key) in your dashboard. There is a unique API key for each application.

Notice the key=value format and the -f parameter for httpie, as explained in the oAuth2 Django Docs
Subsequent requests will need the access_token you just got:

$ http https://api.movintracks.io/v2.0/static-pages "Authorization:Bearer $MT_TOKEN"