Support download access by PRIVATE-TOKEN header
Currently there is no way to download a raw file without embedding the token in the URL, which exposes the token in the URL and exposes a security issue. There should be an way of sending this information via the header as the API does.