Making a file protected with the same system than the endpoint available in an Ember app

The ember App run on top of a rails API.

For authentication It uses a token header (with devise server side)

I have an index action that return a CSV when the request add .csv to the URL :

        respond_to do |format|
          format.json {json_response @custormer_info_requests.page(@page).per(@size)}
          format.csv {send_data @custormer_info_requests.to_csv, filename: "demandes.csv"}
        end

The problem is that a direct link like this : <a href='/marketadmin_api/v1/customer_info_requests.csv?partner_id='>File</a>

Fails with a 401 because there is no auth header.

How do you allow users to download protected files ?