Users can be associated to any number of Accounts or Sites. The Account and Site administrators can determine which Users have access. API Key pairs are provisioned at the User-level, so all API requests are made in the context of the User who generated the Access Token. There are two ways to retrieve user details: /v1.1/user grabs the context for the current user you're logged in as. Calling /v1.1/users will give you all users with permission and access to your account.

Here are some other properties that may not be obvious: