All API calls require that the user has permission to log in to the requested account. The user must also be designated as having the “API Access” permission. When using the API, this permission supersedes any other permissions granted to the user. Thus, API users are able to view and manipulate all account data that is accessible from within a web call.
The WSDL specification for the API may be found at:
Before logging into an account, the account must have the API feature enabled, and must have at least one API token created. API tokens act as an authentication and control object, and are similar to users. API tokens can have any combination of read, write, and sending permissions. They can be activated, deactivated, or deleted at any time. API tokens can be created programmatically via the API, or in the application.
If you have a Professional or Core edition account, you can create and edit API tokens by going to Home->Settings->Data Exchange in the application. Multi-Brand edition clients, and clients with certain versions of the Agency edition can create and edit tokens able to access all your accounts or a specific account. To create and edit API tokens in a Multi-Brand account, go to Home->Settings->Data Exchange.