zpwquery param like:
12345is whatever the preview lock password is. The user that opens that link will be authenticated for their browsing session, and will be able to free view the site without entering a password.
Authorization: bearer [SECRET KEY]. Authorization headers can be edited in manager ui > settings > security