Access token based authentication. Create an access token on a user's detail page in the web interface, and pass the token in each request via the X-AppFresh-Access-Token HTTP header or the access_token GET parameter.

HTTP basic authentication. Include user credentials on every request.

Cookie based authentication (with explicit login). Post the parameters user_session[username] and user_session[password] to /api/v1/login. Store the session ID cookie appropriately and pass it to other requests. Perform a GET /api/v1/logout to log out at any time.