Authentication

API keys and org-scoped access.

Bearer token

Create an API key in the onboarding wizard or in organization settings. Send it in the request header Authorization: Bearer <key>. A key is shown only once, at creation, so store it in a secret manager.

Browser session routes use CSRF protection where applicable. Server-to-server ingestion authenticates with the Bearer key only.
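
The following is an added example, not code from this product's documentation or SDK. It sketches a server-to-server client that reads the key from the environment (as injected by a secret manager), sends it as a Bearer header over HTTPS only, and keeps it out of logs. The environment variable name, the endpoint URL and the payload are placeholders assumed for illustration.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

# Assumed names (not from the page): the environment variable and the URL below.
KEY_ENV_VAR = "EXAMPLE_API_KEY"
INGEST_URL = "https://api.example.invalid/ingest"  # placeholder endpoint


def load_api_key(env=os.environ):
    """Read the key injected by the secret manager; never hard-code it."""
    key = env.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set")
    # A CR/LF inside the key would allow header injection.
    if any(c in key for c in "\r\n"):
        raise ValueError("API key contains control characters")
    return key


def build_ingest_request(url, payload, key):
    """Build a server-to-server request that authenticates with Bearer only."""
    if urlsplit(url).scheme != "https":
        # A bearer token sent over plain HTTP is readable by anyone on the path.
        raise ValueError("refusing to send a bearer token over non-HTTPS")
    req = urllib.request.Request(url, data=json.dumps(payload).encode(), method="POST")
    req.add_header("Authorization", f"Bearer {key}")
    req.add_header("Content-Type", "application/json")
    return req


def redact(req):
    """Header view that is safe to log: the key itself is never printed."""
    safe = dict(req.header_items())
    if "Authorization" in safe:
        safe["Authorization"] = "Bearer <redacted>"
    return safe


if __name__ == "__main__":
    # Constructed key for the demo; in production it comes from the environment.
    demo_key = load_api_key({KEY_ENV_VAR: "constructed-demo-key"})
    request = build_ingest_request(INGEST_URL, {"event": "demo"}, demo_key)
    print(redact(request))  # urllib.request.urlopen(request) would send it
```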