# accessToken:
#   $ref: "./access_token.yaml"
# csrfToken:
#   $ref: "./xsrf_token_cookie.yaml"
XsrfAuthHeader:
  type: apiKey
  in: header
  name: X-XSRF-TOKEN
  description: |
    Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
    Required for all state-changing requests (POST/PUT/PATCH/DELETE).