Whoevever she is, she probably isn’t writing a client which uses the REST API, so it isn’t an issue for her 
.
The GUI and REST API do the same thing. They are covered by the same authentication mechanisms.
Besides, you should really be using SyncTrayzor, which handles the GUI authentication without you having to input anything.