API authentication uses a private_key and public_key combination that are sent as query parmamters with every request.
To find out how to retrieve your keys from click here:Pathfix keys
We recommend using only server side API calls, where the private key is not exposed.
Only use this while in development/sandbox mode. We do not recommend this method as the keys are visible using developer tools and you information can be potentially compromised.