Auth is not automatically enabled because this requires some
bootstrapping to work.
I'll leave this for some future work.
In the meantime people can use the current code similar to how they used
the node-cli code to inject their own auth.
This moves API handling into the node object so now everything can be
done in one place.
TLS is required.
In the current form, auth must be setup by the caller.
