Allow authentication against Card API as deployed behind Apigee

Currently the prototype Card Client doesn't attempt to authenticate in any way. Once the Card API is deployed behind Apigee the client will need to authenticate using credentials issued through Apigee.

We should also default the base_url of the Card API to the production instance of the Card API deployed behind Apigee.