Mobile applications, third-party applications, and JavaScript components/widgets (storefront or admin) are the three main types of clients as seen by Magento. Though a client is basically everything communicating with our APIs, each type of client has a preferred authentication method.
Magento supports three types of authentication methods, listed as follows:
Token-based authentication
OAuth-based authentication
Session-based authentication
Token-based authentication is most suitable for mobile applications, where a token acts like an electronic key providing access to the Web API's. The general concept behind a token-based authentication system is relatively simple. The user provides a username and password during initial authentication in order to obtain a time-limited token from the system. If a token is successfully obtained, all subsequent API calls are then made with that token.
OAuth-based authentication is suitable for third-party applications that integrate with...