
Authentication for API calls will be handled using an access token in the "Authorization: OAuth access_token" style. Browsers do not use this when making requests unless they use an XMLHttpRequest. If the value used as the access_token is not available cross-site, then the API call cannot be made by hijacking attempts.

Change-Id: I33654bcaa247cb95a57b03d2df112ca95e970185
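The check described in the commit message above, as an added example that is not code from this commit or its project: a server-side function that authenticates an API call only from the `Authorization: OAuth access_token` header and never from cookies. The function name, the token store and the sample requests are assumptions constructed for illustration.

```javascript
// Added example (not the project's code): accept API calls only when the
// access token arrives in the Authorization header, never from a cookie.
const crypto = require("node:crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

// Constructed token store (hypothetical): digest of issued token -> account.
// Storing digests means a leaked table does not expose usable tokens.
const ISSUED = new Map([[sha256("tok_constructed_5f2a9c"), "alice"]]);

// Returns { ok, account, reason }. Cookies are deliberately ignored: a browser
// attaches them to cross-site form posts and image loads automatically, while
// the Authorization header has to be set explicitly by script.
function authenticateApiCall(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  const auth = h["authorization"];
  if (typeof auth !== "string") {
    return { ok: false, account: null, reason: "missing Authorization header" };
  }
  // Exactly "OAuth <token>": one scheme, one token, nothing trailing.
  const m = /^OAuth ([^\s,]+)$/.exec(auth.trim());
  if (!m) {
    return { ok: false, account: null, reason: "not an OAuth access_token header" };
  }
  const account = ISSUED.get(sha256(m[1]));
  if (account === undefined) {
    return { ok: false, account: null, reason: "unknown access_token" };
  }
  return { ok: true, account, reason: "token accepted" };
}

// Constructed requests. The cross-site form post carries the session cookie
// (sent automatically) but cannot carry the header.
const crossSiteForm = {
  Cookie: "access_token=tok_constructed_5f2a9c",
  "Content-Type": "application/x-www-form-urlencoded",
};
const sameSiteXhr = {
  authorization: "OAuth tok_constructed_5f2a9c",
  Cookie: "access_token=tok_constructed_5f2a9c",
};
const wrongScheme = { Authorization: "Basic tok_constructed_5f2a9c" };
const guessedToken = { Authorization: "OAuth tok_guess_000000" };
```
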