The API documentation says that I can "pass two parameters to authenticate", login and api_key. But it doesn't specify how. Should I just pass them as part of the URL when doing a GET request and as POST parameters when doing a POST request?
It also says that for legacy, "password_hash using the old salted SHA1 hashed password is also supported". But "legacy users" can also authenticate the method I asked about in my first paragraph, right?
Finally, I guess I could just do the HTTP Basic Authentication method, but I want to ensure that this method is going to be supported and there's no plans to remove it.