To create and authenticate an API, you must have three things:
An API Key
A Partition
A valid username and password with system Admin permissions on the site
The API Key and Partition are provided by Support, and the Admin user will need to be created by the customer.
Important Note:
By default, the user token created by authenticating with the username and password remains active for 90 days. After that time, you must re-authenticate.
Why System Admin Permissions?
Because the API accesses information from whichever module you build it for, it needs access to that module. When the API authenticates as a System Admin user, you guarantee that it has the highest access level possible.