How do I authenticate users from a mobile app?
The same client-side API works outside the browser — the difference is cookies. Read the session token from the login response and send it on later requests in an "Authorization: Bearer" header instead of relying on the Forte-User-Session-Token cookie.
The session token is the user's credential, not your project's: never ship FORTE_API_TOKEN inside an app.