There are certain parts of the LittleShoot API that require special privileges. In particular, file publishing requires all requests to be signed, and it's only accessible to LittleShoot Partner sites with special credentials. LittleShoot uses OAuth for this process, in particular a simpler version of OAuth known as "2-legged OAuth" where there's a single API key another company can use for all requests as opposed to requiring a separate key for each user.
Here's the general sequence for making these calls to LittleShoot:
1) Obtain a special API ID key and an API secret key from LittleShoot.
2) Store the secret key safely on your server
3) When a user wants to make an authenticated call to LittleShoot, first make a call to your servers to sign the request using your secret key. Once you've obtained a signed version of the request, you can use it to make an authenticated request to LittleShoot.