Getting started
Authentication
Every request to the Oculr API carries a bearer token taken from the app Settings. It is a local key that should never leave the machine.
Bearer token
Open the app and copy the access token from Settings. Send it on every /api request in the Authorization header as a bearer token. Requests without a valid token are rejected.
Authorization: Bearer <token>
cURL example
A quick check that the token works is to list profiles. Store the token in an environment variable so it stays out of your shell history and source control.
curl http://127.0.0.1:8378/api/profiles \
  -H "Authorization: Bearer $OCULR_TOKEN"
Keep it local
The token is a local key. It authorizes control of the browsers on this machine, so treat it like any device credential. Keep it on the machine, do not commit it, and do not paste it into shared logs or remote services.
If you expose the local agent beyond loopback, the token is the only thing protecting it. Rotate it from Settings if you suspect it leaked.
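A guarded wrapper around the curl check above, as an added example that is not part of the Oculr documentation. It refuses to send the token to anything but a loopback URL and passes the header on stdin so the token stays out of the process list. The function names are hypothetical; OCULR_TOKEN and the 127.0.0.1:8378 address are the ones used on this page.

```shell
#!/bin/sh
# Added example. OCULR_TOKEN and 127.0.0.1:8378 come from the page;
# the function names are hypothetical.

# Succeed only for http(s) URLs whose host is a loopback name or address.
is_loopback_url() {
    case "$1" in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    hostport=${1#*://}
    hostport=${hostport%%/*}
    case "$hostport" in
        *@*) return 1 ;;                    # userinfo, e.g. 127.0.0.1@other-host
        \[::1\]|\[::1\]:*) return 0 ;;      # IPv6 loopback literal
    esac
    case "${hostport%%:*}" in
        localhost|127.0.0.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only for a non-empty token with no whitespace or control
# characters, so it cannot split or inject into the header line.
token_is_sane() {
    [ -n "$1" ] || return 1
    case "$1" in
        *[[:space:][:cntrl:]]*) return 1 ;;
    esac
    return 0
}

# GET a URL with the bearer token. The header is fed to curl on stdin
# (-H @-, curl 7.55.0+), so the token never appears in curl's argv.
oculr_get() {
    is_loopback_url "$1" || { echo "refusing non-loopback URL: $1" >&2; return 2; }
    token_is_sane "${OCULR_TOKEN:-}" || { echo "OCULR_TOKEN unset or malformed" >&2; return 3; }
    printf 'Authorization: Bearer %s\n' "$OCULR_TOKEN" | curl -sS --fail -H @- "$1"
}
# Usage: oculr_get http://127.0.0.1:8378/api/profiles
```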