The Typepad Widget API is awesome. The concept is that you have a great widget you want users to add to their sidebar. Typepad want this to be a small self contained piece of DHTML code and want to be able to do all the verification of the user on their side without giving the widget owner any access to the user's account.
Browser based authentication used at both the eBay and Yahoo! developer programs (and explained beautifully in diagram form on the Yahoo! site) simply won't work for this since it gives the programmer access to your eBay/Yahoo/Typepad account (were they to use it). So Typepad found a solution to the problem that is really simple and elegant.
All data is sent to the API in a POST command along with redirecting the user themselves (rather than just a server to server POST call). Typepad's Widget API requires fields identifying you as a developer, your application, what it is called, verifying you are who you say you are (with a token) and finally containing the FULL HTML you want inserted in the user's sidebar to be sent to them through the POST command.
The user then lands at a Typepad log in page and all the data is carried through with them to a page where they can effectively suggest whether or not to keep the Typepad widget. GREAT!
I love this method, it's secure, clever, simple and behaves exactly as you would expect... Having worked with Google AdWords/Base/Adsense APIs, Yahoo! APIs, eBay APIs and a fair few others I have to say this Typepad Widget API has been the simplest yet. Well done Typepad!