Once you have the Key, open endpoints (login not required) can be accessed by
sending the ApiKey as the AuthKey header.
A UserToken is required for closed endpoints (login required).
User tokens are issued per user per app. A token is obtained by making an
API call to the endpoint /token/, with the following POST parameters:
Closed endpoints require the UserToken to be sent as a header.