Get Request work in postman but doesn't work in browser

The issue was that Api can't identify that the request which contains the required header info for Authentication, I added Authentication array in AppController to allow using both Basic Auth and Token Auth when receiving json request, this work fine for all requests except for this one ( Download pdf ) I've tried to add

$this->Auth->authenticate['Token'] = array(
                'fields' => array(
                ),
                // 'parameter' => '_token',
                'header' => 'AuthenticationToken',
                'scope' => array(
                    'User.permission_api_login' => true
                )
        );

again in Controller and it works fine!!. it seems that it can identify the Token now and return a valid file!

If I fully understand you want to authenticate with a bearer token instead of basic authorization. In case you want basic, you can use the following headers in your request:

const httpOptions = {
    headers: new HttpHeaders({ 
        'Content-Type': 'application/json',
        'Authorization': 'Basic ' + btoa('username:password')
    })
};

In case of bearer authorization, you can do the following:

const httpOptions = {
    headers: new HttpHeaders({ 
        'Content-Type': 'application/json',
        'Authorization': 'Bearer ' + JSON.parse(your token)
    })
};

Hope it helps!