- Admin token (Central domain): required for central administrative endpoints. Retrieve it securely from the Dashboard when authenticated; the underlying
/admin-configendpoint is not public and requires an authenticated session. - Tenant token (Tenant domain): required for tenant-scoped endpoints. Also retrieved from the Dashboard when authenticated on the tenant domain.
Headers
Keep central and tenant tokens in separate environments. Do not expose tokens in client-side code.