Get an API access token

Generates a unique token with every successful call

• NOTE: this header is deprecated and subject to removal in a future release; Set the X-Auth-Refresh-Token header to true with any authenticated API call in order to automatically extend the token expiration for the calling user.
  Requires the token used in the authenticated request to be valid and not yet expired
• Token will be usable for the number of minutes stored in the token_lifetime property of the calling user
• To determine what the value of token_lifetime is for the calling user, see the value returned within GET /api/users/current
• The default token_lifetime property value is 30 minutes; this can be changed via the Settings API
• Users which are mapped to authentication sources of type pki are required to include their client certificate with every request where the authentication token obtained here is used
• The Authorization key in the Cookies header will be set such that HTTP clients supporting sessions can transparently make requests that require authentication as long as the token is valid
• A maximum of 10 tokens can be used concurrently by a single user
  • Additional token requests beyond the above limit will cause the oldest token to be deleted at the time of provisioning a new token
  • See also DELETE /auth/token - users can explicitly delete their authentication tokens (instead of waiting for token expiration or rotation)