To access the services, the user must be authenticated against the Deutsche Telekom Security Token Server (STS). Regardless of the selected authentication method, the procedure is always the same:

The Client fetches an authentication token from the STS.
The Client uses the authentication token for subsequent service invocations.

An authentication token is a string that has to be passed as-is to further service calls. Since it has limited validity, an expiration date is returned as well. How to deal with expired tokens is specific to the selected authentication method.