I've read many documents about API's but they don't seem to mention API's for private accounts instead of publicly accessible information.
How does an API work to request private account data? How does it get the login details or session cookie?
For example:
The Facebook API to post to your timeline from a third party website.
If I'm already logged into Facebook and clicked the 'connect' button on a third party website, the API allows me to then post to this website.
How does it prove it is me who sent this, since it can't access the session cookie?