Most of our external APIs are authenticated with an OAuth token which is generated using the OAuth API. To produce the authorisation string for the OAuth request, the app's client ID, ':' and password are concatenated and base64-encoded. This string is prefixed with 'Basic '.