A user is authenticated in an API call based on which piece of information?

When a user is authenticated in an API call, the authorization token is crucial because it serves as proof that the user has been authenticated and is permitted to access specific resources or perform certain actions. This token typically includes encrypted information about the user’s identity and the permissions they have been granted, allowing the API to verify the user's rights without requiring them to re-enter their credentials for each request.

The use of an authorization token enhances security by allowing short-lived access to resources, minimizing the risk that credentials would be exposed. While other elements like the user ID, session token, and password are important parts of the authentication process, the authorization token is what actually enables access in subsequent API calls after the user has been authenticated.