After getting the session id from /api/login, following requests should be authenticable without cookies. For example just setting the “Authentication”-header.
There is frameworks (namely QML from Qt) that do not allow setting cookies on requests because “they are not browsers”.
I think this would only require a quite simple middleware.