# API Reference ## Authentication All endpoints except `/health` and `/api/v1/auth/login` require a Bearer token. ``` Authorization: Bearer ``` ## Errors | Code | Meaning | |------|---------| | 400 | Bad request / validation error | | 401 | Missing or invalid token | | 403 | Insufficient permissions | | 404 | Resource not found | | 500 | Internal server error | ## Rate limiting 100 requests / minute per IP. Headers: `X-RateLimit-Remaining`, `X-RateLimit-Reset`.