OAuth2 and OpenID Connect are protocols for allowing Third Party Applications to request authorisation to a user's private details on another site without the external application ever getting the user's password. This is done by obtaining an authentication token, and sending the token with all resource requests. This method of authorisation is preferred over Basic Authentication because it is possible to limit what data any given token can access, and the token can be revoked by the user at any time.

We have launched our oAuth service and will be slowly migrating all users of the API to use this as the defacto method for user authentication and authorisation.