API key ile kimlik doğrulama
Auth endpoints are public — they use API Key + Secret (or headers), not Bearer token.