The API still requires sending the user to a web page to log in. This is a cumbersome requirement; not every app that uses the API is going to be an app where it makes sense to pop up a web page for the user to log in. As an alternative, give the user an API key (just one, or even better, one per third-party app) so the user can just specify this key in an app, and can revoke the key to revoke the app's access. Pinboard is a great example of this, where an API key looks like this: "myusername:myapikey"