The platform supports both Token Authentication and Session Authentication:
Token Authentication (Primary): After successful login, a token key is returned. Include this in the Authorization: Token <key> header for subsequent API requests.
Session Authentication (Fallback): Session cookie sessionid=<value> can be used on authenticated endpoints.
CSRF Protection: For unsafe methods (POST/PUT/PATCH/DELETE) include X-CSRFToken with the token issued by the site when using session auth.
