The server authenticates clients via the ClientId and ClientSecret headers. These headers should be passed for all requests made to the server. We do not expose any API publicly.
You can get your ClientId and ClientSecret here.
The server similarly authorizes all requests against the client and allows access only to resources that a client can use.