Authentication happens via 2 unique keys which should be represented as HTTP headers in each API request.
Representing the Account key, which is connected to your account. This key is the same for all api users within your account.
Representing the key, the key will be linked to one or more roles. Depending on the roles you will be able to execute certain requests or not.
The required roles for each method are list in the API Reference
Both keys can be found in the keys section after logging in. The required HTTP headers can be copy/pasted from the tooltip for each individual Key.