New API rules breaking old script, help

Ok this may be my fundamental misunderstanding. What is the flow I want then; generate an App Access Token, then based on that response make the API request?