The Admin API protects access to user data using OAuth 2.0. Login credentials are never shared with third party apps. Authorization is provided to third party applications via an Access Token.
The Access Token is encoded in JSON Web Token format.
The Authentication Framework - Tokens article has information on the various Tokens.
See the Base URL topic.
See the Versioning topic.
See the Authentication topic.