Enhancement: Authentication is currently only via user/pass, request API Client, too

Currently, access is stored as `user@customer:password`, and calls with header values to match.

API Clients requires the header to pass `bearer` values, using access tokens obtained via OAuth.

