You can make authenticated API calls by passing an
oauth_token parameter to any method.
The mechanism for obtaining a token on behalf of a user is explained here.
Each token has a set of 'scopes' attached to it, determining which methods you will be able to call. A scope represents a set of actions that a user has allowed you to perform on their behalf. The API explorer will let you call methods with differently scoped tokens for testing.
The lowest scope is
identity which is used for simple login representation. Beyond that
read scope, which allows you to fetch state information about the player. The final
regular scope is
write, which allows you to make modifications to a player. The
scope implicitly includes the
identity scope, while the
write scope implicitly
read. Asking for
write is the same as asking for
Applications should always ask for the lowest scope that they can manage with - don't ask for
write "just in case". You can always request expanded scope later, with a subsequent