Most of the API calls require an authenticated Memsource user. The APIs do not use any special user accounts. Each API can be called on behalf of any existing user (using their username and password). Before calling any API that requires an authenticated user, you have to call auth/login API to obtain an authentication token. Such a token is valid for 24 hours and can be used for all subsequent calls (please, do not acquire a new token for every call). Use the obtained token as the query parameter 'token' in following API calls. See the reference for more details about the authentication.
oAuth 2.0 can be set and managed in Memsource by clicking on Setup and going to the Integrations section.