Authentication

All routes are protected by default. The client verifies that an Authorization header is present after request interceptors run.

// Protected (default) — interceptors must attach the Authorization header
const [error, data] = await client.GET('get-users')

// Public — skips the Authorization check entirely
const [error2, data2] = await client.POST('login', credentials, { auth: false })

[!CAUTION] If auth is true (the default) and no Authorization header is present after interceptors run, the client throws synchronously — it does not return an error tuple.