Authentication is provided via OAuth 2, draft 13.
At present, only the
token authorization response types are supported.
Client IDs have secrets, which must be passed for
code token exchange requests.
Issued tokens are bearer tokens with no secret and no expiry.
Refresh tokens are not supported.
Possible scopes are explained here.
You'll need to obtain a client ID to use OAuth 2.