Password or API key.
Some booru types salt and hash passwords, this should be done on the client side for security.
Docs for specific booru type should explain its authentication process sufficiently.
username
username:string
Username, the identifier you use to log into the site.
A user credentials object. Both fields are required, but their use depends on the booru type.