data.user.auth value and send it as the raw Authorization header on subsequent requests (no Bearer prefix). The response also sets a signed auth cookie, so browser clients are authenticated automatically on the same origin.
Request
POST
https://api.4cx.io/user/login POSTContent-Type: application/json only (no Authorization)
data.user.auth as the raw Authorization header value on subsequent requests.