@MichelDiz thanks!
For some reason I had in mind that the X-Auth-Token is equivalent than the X-My-Auth-Token which holds the user claim. It’s been a long time since I’ve set up auth… Sorry!
However, if I understood correctly the X-Auth-Token is equivalent to the DG-Auth header which controls the unauthenticated access on cloud. The DG-Auth value is either a client or an admin key and thus Token might be a bit misleading.
Any comments on 1?
Update
@MichelDiz by the way, I knew that the X-Auth-Token was the @auth token in earlier docs! 
Had to check for my own sanity… However, I think the X-Auth-Token header value should be removed and replaced by DG-Auth only. It’s not a token, it’s either an admin or a client KEY. Not sure where else it appears in the source code though.