JWT Bearer
Use JWT when the request acts on behalf of a logged-in user. First call POST /api/v1/auth/login, then send:POST /api/v1/auth/logoutGET /api/v1/auth/me
API key
Use API keys for scripts, automation, CI/CD, and MCP. API keys also use theAuthorization header. Do not use the legacy custom header form:
/mcp only accepts API keys.