You can place the bearer access_token for a specific user into the Authentication section of this documentation 👉.
Cards can be created directly through the API using this PCI-compliant endpoint if the card is issued from your company.
Cards can also be created through the OAuth Module by selecting the Connect New Debit Card button. If the card being created is not issued from your company, it must be created through the OAuth module, which is Payment Card Industry (PCI) compliant. Astra is PCI certified.