What must be done to allow a third-party system to access the Magento API?

A.
Run a login call with username/password, and use the returned session_id for every request.

B.
Get a token previously generated in Magento admin.

C.
Run an authenticate call with username/password; the call will set up a session automatically.

D.
Register the remote IP address in the api/allowed_ips/[system name] node.

E.
Use a secure certificate, with public/private keys, and get a private key installed inside Magento.