Access to the API is secured through authentication tokens (as well as the use of HTTPS as a communication protocol).
A session must be initiated, and authentication is required to establish a new session.

  1. Token Expiration and Re-authentication:
    1. Tokens expire after 15 minutes.
    2. If a non-login request (e.g., create a card) returns a 401 (Unauthorized) response, you must handle re-authentication.
  2. Token Characteristics:
    1. Tokens are provided as strings.
    2. Do not attempt to interpret or order tokens based on their structure.
    3. The token structure may change; the only guarantee is that tokens are unique and in string format.
  3. Token Length:
    1. Tokens can be very long, up to 4K in size.
    2. Do not make assumptions about the token's length.
  4. Token Security:
    1. Tokens are sensitive information and must be kept secure.
    2. Never store tokens on disk. Doing so creates an unnecessary security risk, since a new token can be requested at any time.
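
The rules above can be combined into one client-side session wrapper. This is an added example, not code from the API or its vendor: `FakeApi`, its `login`/`request` methods, the credentials and the token format are constructed stand-ins so the sketch runs offline. The wrapper keeps the token in memory only, treats it as an opaque string of any length, and re-authenticates once when a request returns 401.

```python
TOKEN_TTL = 15 * 60  # seconds; the page states tokens expire after 15 minutes

class FakeApi:
    """Constructed stand-in for the real API so the example runs offline."""
    def __init__(self, clock):
        self.clock, self.expiry, self.logins = clock, {}, 0

    def login(self, user, password):
        self.logins += 1
        token = f"t{self.logins}-" + "x" * 3000  # long; structure carries no meaning
        self.expiry[token] = self.clock() + TOKEN_TTL
        return 200, token

    def request(self, token, action):
        if self.expiry.get(token, 0) <= self.clock():
            return 401, None
        return 200, f"{action}: ok"

class Session:
    """Holds the token in memory only and re-authenticates on 401."""
    def __init__(self, api, user, password):
        self._api, self._creds, self._token = api, (user, password), None

    def _authenticate(self):
        status, token = self._api.login(*self._creds)
        if status != 200 or not isinstance(token, str):
            raise PermissionError("login failed")
        self._token = token  # opaque: never parsed, truncated or written to disk

    def call(self, action):
        if self._token is None:
            self._authenticate()
        status, body = self._api.request(self._token, action)
        if status == 401:  # expired token: log in again and retry exactly once
            self._authenticate()
            status, body = self._api.request(self._token, action)
        if status != 200:
            raise RuntimeError(f"{action} failed with HTTP {status}")
        return body

    def __repr__(self):  # keep the token out of logs and tracebacks
        return "<Session token=[redacted]>"

def demo():
    now = [0.0]  # constructed clock so expiry can be simulated
    api = FakeApi(lambda: now[0])
    session = Session(api, "user", "constructed-password")
    first = session.call("create card")
    now[0] += TOKEN_TTL + 1  # move past the 15-minute lifetime
    return first, session.call("create card"), api.logins
```

Retrying only once after a 401 keeps a rejected login from turning into an endless authentication loop.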