Thank you for your kind replies!

My expectation that it’s simply writing a few lines of code to login and then having access to the API was ‘wishful thinking’.

It seems going with OAuth will be the right approach, to continue with my idea …