also, you must have cookies set against the API do...
# support-questions
r
also, you must have cookies set against the API domain, otheriwse refresh would not return 200. It would return 401.