Cool.  I assume this is in the long-term plan, but just in case, I do suggest making a way to use the API without sending one's password (or even having to have it stored);  it's advantageous to be able to have the API have access to some functions, but the password gives you god mode access to your account.   I like how Bittrex lets the account owner specify some limits on the power of individual API keys, for example.