The user or third-party client to be able to access the REST API as a user using a username and password and not have full access by using the key. This will also extend the individualized resource control mechanism to non-browser-based API calls.