Reply to comment
Login to QuickBase is provided through the API_Authenticate call, which returns a ticket and a ticket cookie. Just like a regular QuickBase login through the UI, the ticket by itself does not convey access to any applications. The application owner needs to assign an access role to the user first. (In addition to the ticket, your app needs an app token.)
There is also the call API_GetUploadToken, which returns a one-use only ticket that is intended to be used in conjunction with API_UploadFile, which is a file attachment call for programming environments that cannot make use of the local file system (such as Flex).
Both the ticket and a valid application token for the application need to be included for all API calls except the ones listed above.