The new API (/api/2/*) is powered by Piston and authentication is provided for via OAuth. OAuth is a means for users to grant permissions to a third party application to act on their behalf without supplying a username and password.
The OAuth “dance” involves a number of steps:
Each of these reuqests must contain various OAuth headers, request parameters and be signed in a specific manner.
This is detailed in our api tests in _oauth_flow.