Each client has a private key, which they have to send to the server in a header in each request, like this:
X-MY-AUTH-CODE: {PRIVATE_KEY}
I've found a list about HTTP Authentication Schemes, but I have no idea, which one is this. What sould I write in the response header WWW_Authenticate, if a client does not provide a valid key?
the value can be anything that you want as long as the client can understand how to provide the authentication (the header in your case). I have answered a similar question before and this could help. HTTP 401 Unauthorized when not using HTTP basic auth?