From searching for discussions around CircleCI API and cookies it seems like at least some API endpoints might accept session cookies for authentication.

I guess we'll have to wait for a CircleCI statement to address this in detail (or someone testing it).