Actions: Set session cookie from hash parameter (if available)
Path: /auth/v1/user
Headers: apiKey + access_token
Body: { password }