Authentication

The Auradonors API uses scoped API keys passed via the X-Api-Key header. There is no OAuth flow and no bearer-token model — all programmatic access is per-tenant API keys with explicit permission scopes.

Detailed coverage of scope grammar, rotation, and revocation lands in Phase D — API narrative content.