Authentication is where most API integrations go wrong the first time. Not because the concepts are complicated, but because there are several distinct mechanisms in common use, they solve different problems, and developers often reach for the one they recognize rather than the one that fits. Understanding what each mechanism actually does — and what it does not do — is the difference between an integration that works and one that works until it doesn’t.