Enhancement: Authentication is currently only via user/pass, request API Client, too

[QuaCKeReD]

Currently, access is stored as user@customer:password, and calls with header values to match.

API Clients requires the header to pass bearer values, using access tokens obtained via OAuth.