REST api provides a POST /auth/login/:apikey endpoint for requests to obtain the session token. Please, consider changing this to POST /auth/login and carrying the apikey within the payload of the said request.