Some MyTimetable sites will require applications to use an API token when doing API calls. This token can then be used to monitor an application's API usage and limit the amount of requests by a specific application (and thus the load placed on the servers).
If an API token is required, it should be included in every request in the HTTP request header
apiToken. An example using the excellent command-line HTTP testing tool curl:
In some cases an API token will be granted an impersonation privilege. Using such an API token it is possible to retrieve the personal data of any user, without prior consent from the user (and thus without an OAuth token). In these cases the application should send an extra header,
requestedAuth, specifying the user name of the user to impersonate.