That is more than likely what I'll have to do for now until this can passed globally. Thanks @pitaj
I installed the write-api plugin, created a master token and I am able to access the usual suspects such as
/api/topics via the read-api.
However, I cannot access backend url's:
% curl -H "Authorization: Bearer $token" "https://www.foo.bar/api/admin/manage/privileges/?_uid=1" "not-authorized"
If I access this url via chrome (once logged in into the admin backend), I get JSON output as expected.
Is this unsupported or am I doing something wrong?