|Authentification and authorization mechanisms with the API are quite similar to a standard web user.
First API call is the login and will request a temporary session identifier by providing a username and a password. The returned identifier is valid for the session only. It will have to be passed along with each subsequent call until the termination of the session by logout.
The tuple username/password must always refer to an existing user defined in the customer account. It can be any of the users but the usage of a dedicated user is recommanded. AppShore provides a Role Based Access Control so the best practice is to define one or many roles for the API only and give them the appropriate set of permissions.
Usage of the IP address access control feature is also a recommended practice since the calling applications are certainly installed on servers with fixed IP addresses.
The external programs being connected as a user, they will be subject to the regional settings as defined in the user profile therefore it is adviced to set them once for all to avoid subsequent interpretation issues.