A successful login to Keybase will set a
session cookie. This needs
to be passed to all API's.
Client-Generated Auth Token
An alternative scheme is for the client to generate an Auth-Token. See `sig/post_auth` for more information on how to generate such a token. Once generated, the client should include the header:
Both the uid and auth_token fields should be given in hexidecimal representation. This validation will work as long as the auth_token isn't expired or the key that signed it isn't revoked.