The Administrator API supports token based authentication. In order to use the API, you must provide a token that has been acquired in exchange for administrative credentials. Another way to use the API would be to log in into the Administrator Directory application which is the HTML face of the API.
Due to the sensitive nature of information exchanged between the Administrator API and its consumer, it is recommended that the API be accessed over an SSL connection. Minimally, the Generate Token operation must be accessed over an SSL connection as it requires an exchange of administrative credentials.
You need to have administrative privileges to consume the Administrator API. Administrative privileges can be acquired in one of the following ways:
Primary site administrator acount
This is the account you specified and created when you created a new site. It is stored within server.
You can grant administrative privileges to any role in the role store, then add users to the role.
In order to consume the Administrator API from a script or an application, you need to append a token to the end of the URL. A token represents a users's identity that can be safely embedded in your scripts and transmitted to the server.
Tokens can be generated using the Generate Token operation. Tokens can also be generated using the HTML interface in the Administrator Directory.
Once a token expires, a new token must be generated and used in place of the expired token.