
JWTs are small enough that they can fit in a URL most of the time. So there's always that option.



I believe it is generally considered unwise to attach your authentication token to the URL, as it's highly likely to end up in a bunch of access logs.


If the token is only good for one use or for a short period of time (minutes, not hours) it's probably fine. I've used them in URLs for invite links. One-time use that expire after a short amount of time. Probably not perfect for high security applications like banks or health care but for most applications it's fine.



