Direct Access API’s have no specific sharing control and there is no need to implement a full authentication flow. The only thing you need is an API key to add to the header of your API call. You can get that key by subscribing to the API. API usage is metered and billed based on this API key. If usage should be billed to the users of your application, you should ask those users to bring their own key. More information is available in the documentation tab in the Market.
If an API is Access Controlled, this means that your application needs to accommodate an OAuth2 authentication flow between the application user and the NxtPort platform.
The application user logs in to the NxtPort identity component, and your application requests access to the API on behalf of the application user. The NxtPort platform then returns an access token to your application, which can be used to call the API.
To be able to request an access token, your application needs to be registered in the NxtPort platform. Registering an application is currently a manual process, so please contact NxtPort for this. More information is available on the OAuth2 for ISV's page.