Identity delegation plays a key role in enterprise security. You could be the owner but not the direct consumer of the API. There may be a third party who wants to access it on your behalf. Sharing credentials with a third party who wants to access a resource you own on your behalf is an anti-pattern. Most web-based applications and APIs developed prior to 2006 utilized credential sharing to facilitate identity delegation. Post-2006, many vendors started developing their own proprietary ways to address this concern without credential sharing. Yahoo BBAuth, Google AuthSub, and Flickr Authentication are some of the implementations that became popular.