Authentication
Authentication in version 2 of the API takes the form of public and secret keys. For most GET requests, only a public key is necessary, which allows requests to be initiated from public code such as client-side javascript.
A secret key is necessary when requesting non-public data, or updates to the data within your organization.
Creating API Keys
To obtain a public key, a user must be created and granted API access on the user edit page (option "Allow API logon"). The public and secret keys may then be viewed on the user profile in the "User Info" box.
Revoking Access
To disable an existing API key, simple lock or deactivate the related user.