In another thread, Lee Connell has mentioned that I should use an auth token. What is this? I have a live app doing offline API calls that seem to work fine without setting an auth token, btw.