Authentication

Bearer auth (http)

Opaque server-side API token. Obtain via POST /auth/tokens. The CI worker token used by /ci/progress-reporter is a separate secret and is NOT valid here. Never use browser session cookies for API clients.
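
An added client-side example (not this API's own code): it sends the token as a bearer credential, keeps cookie handling out of the client, and rejects a configuration that reuses the CI worker secret. The environment variable names API_TOKEN and CI_WORKER_TOKEN, the host api.example.test and the /widgets path are assumptions made for illustration.

```python
import hmac
import urllib.request
from urllib.parse import urlsplit


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow redirects, so the token only goes to the URL we built."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def load_api_token(env):
    """Read the API token; API_TOKEN and CI_WORKER_TOKEN are hypothetical names."""
    token = env.get("API_TOKEN", "")
    # Reject empty values and anything that could split or corrupt the header.
    if not token or not token.isascii() or not token.isprintable() or " " in token:
        raise ValueError("API token missing or unsafe to place in a header")
    ci_secret = env.get("CI_WORKER_TOKEN")
    # The CI worker token is a separate secret; catch it being reused here.
    if ci_secret and hmac.compare_digest(token.encode(), ci_secret.encode()):
        raise ValueError("the CI worker token is not valid for the API")
    return token


def build_api_request(base_url, path, token, method="GET", body=None):
    """Build a request authenticated by the bearer token and nothing else."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("send bearer tokens over HTTPS only")
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    req = urllib.request.Request(url, data=body, method=method)
    req.add_header("Authorization", "Bearer " + token)
    return req


def build_opener():
    """No HTTPCookieProcessor is installed, so no cookie is stored or sent."""
    return urllib.request.build_opener(NoRedirect)


def describe(req):
    """Log-safe summary of a request with the token redacted."""
    return f"{req.get_method()} {req.full_url} Authorization: Bearer <redacted>"


if __name__ == "__main__":
    env = {"API_TOKEN": "tok_constructed_123"}  # constructed sample value
    req = build_api_request("https://api.example.test", "/widgets", load_api_token(env))
    print(describe(req))
```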