Abundera QR Pro / API / Internal

Internal surface. These endpoints are service-to-service. They reject anonymous requests with 401 and require either a service-secret bearer header (admin) or a hub-issued session cookie (auth / billing). Not part of the customer REST API contract.