docs/security.md

# Security: Bearer Token Auth

All endpoints require authentication via Bearer token:

- Set `SECRET_TOKEN` in `.env`
- Add header: `Authorization: Bearer <SECRET_TOKEN>`

Unauthorized requests receive `403 Forbidden`.

[🔙 Back to Main README](../README.md)