The Data API Service documentation describes the route
/whoami, which generates a Refresh Token that can be used to authenticate service calls and expires in seven days. This authentication pattern seems to be a subset of the OAuth protocol, which usually entails the authentication of a client with a server; the similarities are present, as I can only access the initial token by providing my username and password.
This style of authentication introduces an interesting pattern for server-to-server authentication. After accessing my initial API token, I can generate a refresh token which I can store with a timestamp to indicate when to refresh it. It requires a bit of work to consume this pattern, whereas I may be able to reuse an existing authentication pattern with less effort. For example, standard libraries exist to handle HMAC authentication and are built with server to server authentication in mind.
Does Resin provide a standard method of server to server authentication, such as HMAC authentication?