All API calls must be authenticated using OAuth2.
If you want an introduction to OAuth2 here are two references: from digital ocean and from oauth.net.
We currently support one grant type: Resource Owner Password Credentials.
You can start using our API without running your own server (no need to supply a callback url to receive the Authorization Code) with the Resource Owner Password Credentials grant type.
Token Exchange
An example of how to exchange your username, email, client_id, and client_secret for an access token directly is available here.
Once you have an access token you can make API calls to any documented endpoint.