Don’t ever use user names and passwords for anything other than authenticating interactive users with your web applications or identity management systems. If it’s someone else’s web application, tie it into your identity management system or use OAuth. If it’s a non-interactive system or a native third-party interactive application, use API keys.
