Methods and systems for controlling access to a protected resource

US10880288B2 · US · B2

Patent metadata
Publication number: US-10880288-B2
Application number: US-201816038640-A
Country: US
Kind code: B2
Filing date: Jul 18, 2018
Priority date: Jun 5, 2018
Publication date: Dec 29, 2020
Grant date: Dec 29, 2020

Abstract

Official abstract text for this publication.

An electronic device is disclosed. The electronic device includes a memory, a camera module, a communications module, and a processor that is configured to: receive first credentials identifying a user; transmit, via the communications module to an authentication server, a first signal including a request to verify that the first credentials are authorized for accessing a protected resource; when the first credentials are authorized for accessing the protected resource, receive, via the communications module from the authentication server, a second signal including an access token for use in authenticating the user on requests to access the protected resource; receive, from the camera module, image data associated with a machine-readable optical label, the optical label encoding transaction details of a first transaction; and generate a request based on the transaction details to access the protected resource for initiating the first transaction, the request including the access token.

First claim

Opening claim text (preview).

The invention claimed is:

1. An electronic device comprising: a memory; a camera module; a communications module; and a processor coupled to the memory, the communications module, and the camera module, the processor being configured to: receive first credentials identifying a user, the first credentials being associated with second credentials identifying an account associated with the user; transmit, via the communications module to an authentication server, a first signal including a request to verify that the first credentials are authorized for accessing a protected resource; when the first credentials are authorized for accessing the protected resource, receive, via the communications module from the authentication server, a second signal including an access token for use in authenticating the user on requests to access the protected resource; receive, from the camera module, image data associated with a machine-readable optical label, the optical label encoding transaction details of a transfer of data to a second account, wherein the transaction details do not indicate an identity of the second account; receive a user input indicating authorization to initiate a transfer of data from the account associated with the user to the second account; and in response to receiving the user input, generate a request for initiating the transfer of data based on the transaction details, the request including the access token.

2. The electronic device of claim 1, wherein the protected resource comprises an application programming interface that includes instructions for initiating the transfer of data from the first account to the second account.

3. The electronic device of claim 1, wherein the machine-readable optical label comprises a two-dimensional barcode encoding the transaction details.

4. The electronic device of claim 1, wherein the processor is further configured to capture the image data depicting the machine-readable optical label.

5. The electronic device of claim 1, wherein the transaction details include a unique identifier of the first transaction.

6. The electronic device of claim 1, wherein the machine-readable optical label has an expiry time.

7. A method comprising: receiving first credentials identifying a user, the first credentials being associated with second credentials identifying an account associated with the user; transmitting, to an authentication server, a first signal including a request to verify that the first credentials are authorized for accessing a protected resource; when the first credentials are authorized for accessing the protected resource, receiving, from the authentication server, a second signal including an access token for use in authenticating the user on requests to access the protected resource; receiving image data associated with a machine-readable optical label, the optical label encoding transaction details of a transfer of data to a second account, wherein the transaction details do not indicate an identity of the second account; receiving a user input indicating authorization to initiate a transfer of data from the account associated with the user to the second account; and in response to receiving the user input, generating a request for initiating the transfer of data based on the transaction details, the request including the access token.

8. The method of claim 7, wherein the protected resource comprises an application programming interface that includes instructions for initiating transfer of data from the first account to the second account.

9. The method of claim 7, further comprising: receiving second credentials identifying a user account; and associating, at the authentication server, the first credentials with the user account identified by the second credentials.

10. The method of claim 9, wherein associating the first credentials with the user account identified by the second credentials comprises: computing, at the authentication server, a hash of the first credentials; and storing, in a memory accessible by the authentication server, the computed hash of the first credentials in association with the second credentials.

11. The method of claim 7, wherein the machine-readable optical label comprises a two-dimensional barcode encoding the transaction details.

12. The method of claim 7, further comprising capturing image data depicting the machine-readable optical label.

13. The method of claim 7, wherein the transaction details include a unique identifier of the first transaction.

14. The method of claim 7, wherein the machine-readable optical label has an expiry time.

15. A server comprising: a memory; a processing unit coupled to the memory, the processing unit being configured to: receive first credentials identifying a user; receive second credentials identifying a user account; associate the first credentials with the user account identified by the second credentials; store, in the memory, an access token for use in authenticating the user on requests to access a protected resource; receive, from a client application executing on a first device, a request to initiate a transfer of data from the user account to a second account, the request including transaction details derived from a machine-readable optical label, wherein the transaction details do not indicate an identity of the second account; verify that the request originated from the user; and in response to verifying that the request originated from the user, generate a request for initiating the transfer of data based on the transaction details, the request including the access token.

16. The server of claim 15, wherein verifying that the request originated from the user comprises verifying that user credentials received from the client application match the first credentials.

Classifications

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title

  • providing single-sign-on or federations · CPC title

  • 2D bar codes · CPC title

  • for controlling access to devices or network resources · CPC title

  • sensing of data fields affixed to objects or articles, e.g. coded labels (postal sorting B07C3/14, conveying articles B65G47/48) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Toronto Dominion Bank
What technology area does this patent fall under?
Primary CPC classification H04L63/0807. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 29, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).