The Security API, when present, requires all endpoints to be provided with an authentication token.
This API allows you to generate authorization tokens. You must include these tokens in the authorization header of every other request you make.
POST /tokenDescription
PATCH /pskChange the PSK. Invalidates all tokens.
GET /attachment-sessionSets a cookie allowing browsers to load attachments using elements. No body is returned, but a attachment_session cookie is set. Make sure to include your authorization token.