Secure a website

How can I make it so that the website can only be accessed with a token?

How are you defining a token? If your token is static and in the URL or headers, then you can use the WAF to do so. If your token is dynamic or in the request body, then you would need a worker. If you are using Access to secure your site, then you would need a Service Token and bypass rule to allow automation to be able to access your site.

I wanted you to only be able to access the website with a token, I also set everything up in security, but it doesn’t work

How are you going to be passing the token to the website?