Kegberry DIY authentication

If I wanted to add another authorization method like has been suggested by others (NFC, badge reader, etc), what are the high level steps?

My assumption was:
make a DIY board to talk to the authentication reader, then it sends a GET/POST to the REST api of the server. If it gets a successful response, it can trigger a solenoid to open the pour.
Am I missing any steps?

Currently I have a DIY board that can talk to the card reader ok, and can run python scripts to GET/POST to the RESTful server. So what I am trying to understand is exactly what is the format of the GET/POST.
I have seen the comments about “adding a token manually, or through the REST api”, but my attempts to do this via curl > curl http://localhost/api/auth-tokens/rfid.1234/?api_key=abcd
respond with “Not an API endpoint”. I have manually added a token, but not sure if I did it correctly

So I tried a few curl attempts, all the same response.
curl http://localhost/api/auth-tokens/core/rfid/?api_key=abcd
curl http://localhost/api/auth-tokens/core.rfid/1234/?api_key=abcd
curl http://localhost/api/auth-tokens/rfid/1234/?api_key=abcd

Obviously I’m just guessing, so any concrete examples of how to format would be appreciated.