Passwords and Tokens

Password mode is bearer-token access:

uplink serve 3000 --auth s3cr3t

services:
  api:
    port: 8080
    access: password
    password: ${API_TOKEN}

The raw token is hashed locally with SHA-256 before storage or edge registration. Browsers can use the edge token-entry page; non-browser clients send Authorization: Bearer <token>.

The browser unlock grant for password routes is separate from account session cookies.