Complete reference for the Supplement Atlas REST API. All endpoints return JSON unless noted otherwise. State-changing endpoints require a valid X-CSRF-Token header.
/api/health, /api/login, and /api/register require an authenticated session cookie. Endpoints that modify data also require the X-CSRF-Token header (returned by GET /api/me).