This is an old revision of the document!
In principle, vmcatcher subscriptions to private image lists could be realized by following Basic Authentication as defined in RFC2617.
vmcatcher_subscribe --auto-endorse -s \ https://abcdefg-1234-1a2b-3c4f-123456790:firstname.lastname@example.org/store/vappliance/demo.va.private/image.list
for more information about HEPiX VMCatcher, please read the manual.
In short, you should handle your personal access token as the 'username' and x-oauth-basic as the 'password' for basic Authentication over HTTPS.