Our API uses OAuth 2 for authentication. All authentication happens by requesting an access token to access resources by using your CLIENT_ID and CLIENT_SECRET combination.
Credentials are always linked to your website domain.
Never share your CLIENT_ID or CLIENT_SECRET with outsiders. In the future we will be introducing scopes to credentials which will allow you to create credentials for outsiders to access only limited resources from your domain, but for now all credentials have full access to your site data.
To learn how to request an access token please read about the /token endpoint