[AlphaCommerceHub] How is the APIs authentication security implemented?

The documentation says that a merchant should provide the MerchantID and UserID parameters to the API (see a screenshot below).
Also, a merchant uses unique «Pay Pages» paths.
I have not found any mentions of passwords nor private keys, so I do not understand, how is the authentication’s security implemented?
What if another person will know my «MerchantID», «UserID», and «Pay Pages» paths and will use them? Which of these data should be kept secure exactly (e.g., encrypted in the Magento database)?

I have got an answer from AlphaCommerceHub:

The UserID functions as an authentication password and should be stored securely.