+1 for individual user tokens. 
An API usually has different uses. 

• Administrative access: Create folders based on an external system, access items from an external system.
• User access: Application for user X access credentials user X has access to. Use Y runs the same application using his own credentials, he should only have rights to his own credentials.