This API uses cookie-based authentication with Supabase. After authenticating through the webapp, your session cookie will be included in subsequent requests to authenticate API calls.
All endpoints (except /status and /api/redirect GET) require authentication.