Page overlay works when logged in. Using an authentication token works with all other API requests.
When passing an authentication token with the page overlay, the browser asks the user to login and the token is stripped out of the API call.
I have tested this on the latest Piwik release on a local instance, AWS EC2 and innocraft.cloud.
I have also amended Piwik config to disable the iframe overlay and the issue did not clear.
The API is the same domain and /Piwik was always installed to the root of the domain.
Changing access to anonymous resolves the issue, but doesn't fix the problem and I can't run this service without authentication.
Hoping this can be resolved very quickly in the community.
The test is a basic HTML with no scripts used. Just pageA>href>pageB.