"""Auth headers, token refresh, and abuse-resistant API usage."""