System and method for authentication

US11729177B2 · US · B2

Patent metadata
Publication number: US-11729177-B2
Application number: US-202016863089-A
Country: US
Kind code: B2
Filing date: Apr 30, 2020
Priority date: Apr 30, 2020
Publication date: Aug 15, 2023
Grant date: Aug 15, 2023

Abstract

Official abstract text for this publication.

A computer-implemented method includes receiving an authentication request from an external device for authenticating an application on the external device, and receiving a plurality of information items in connection with the authentication request from a plurality of different externally residing information sources. The authentication request is then evaluated, which includes evaluating each of the plurality of information items, to determine an authentication status of the application. Based on the authentication status, the device is then selectively permitted access to private information through the application. A computer system and/or machine-readable media may be provided to perform some or all steps of the method.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method comprising: receiving, at a computing device, an authentication request from an external device for authenticating an application on the external device; receiving, at the computing device, a plurality of information items from a plurality of different externally residing information sources, wherein the plurality of information items comprises device fingerprinting information for the external device, malware detection information for the external device, and access restriction circumvention information for the external device; evaluating the authentication request, at the computing device, including evaluating each of the plurality of information items using a scoring system, to determine an authentication status of the application; issuing an authentication token to the external device, wherein the authentication token includes token information reflecting the authentication status and indicating a degree of certainty that the application or the external device is compromised based on the evaluating each of the plurality of information items; receiving login information and the authentication token from the external device for a user of the external device; issuing a login token to the external device in response to the receiving the login information and the authentication token; receiving, from the external device, a request for access to private information, and a confirmation of the authentication token and the login token; and selectively permitting a degree of access to private information by the external device through the application, based on the received confirmation of the authentication token and the login token, and the authentication status and the degree of certainty that the application or the external device is compromised.

2. The computer-implemented method of claim 1, wherein the application comprises a software development kit (SDK).

3. The computer-implemented method of claim 1, wherein the computing device is an API server and wherein the private information comprises financial information of a user of the external device.

4. The computer-implemented method of claim 1, further comprising receiving historical information regarding past authentication requests and modifying the scoring system based on the historical information.

5. The computer-implemented method of claim 1, wherein the scoring system is configured such that the authentication status is determined to be authorized based on the device fingerprinting information and the malware detection information indicating that the application and the external device is not compromised, and the external device is permitted access to the private information based on the authorized authentication status.

6. The computer-implemented method of claim 1, wherein the external device is permitted the degree of access to the private information prior to evaluation of all of the plurality of information items, and wherein the method further comprises modifying the authentication status after the external device is permitted the degree of access to the private information.

7. The computer-implemented method of claim 6, wherein the method further comprises modifying the degree of access to the private information by the external device based on modifying the authentication status.

8. The computer-implemented method of claim 1, wherein a first item of the plurality of information items is received from a first externally residing information source, and a second item of the plurality of information items is received after the first item from a second externally residing information source, wherein the external device is permitted the degree of access to the private information after evaluation of the first item and before evaluation of the second item.

9. The computer-implemented method of claim 8, further comprising modifying the authentication status after the external device is permitted the degree of access to the private information and after evaluation of the second item and modifying the degree of the access to the private information by the external device based on modifying the authentication status.

10. The computer-implemented method of claim 8, wherein access to a first portion of the private information is permitted without evaluation of the second item, and access to a second portion of the private information is only permitted after evaluation of the second item.

11. The computer-implemented method of claim 1, wherein at least one of the externally residing information sources resides on the external device, such that at least one of the plurality of information items is received from the external device.

12. The computer-implemented method of claim 1, further comprising receiving, at the computing device, from a third party associated with the application, instructions determining the degree of access to selectively provide to the external device when the access restriction circumvention information indicates that access restriction for the external device has been circumvented.

13. A computer system comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the system to: receive an authentication request from an external device for authenticating an application on the external device; evaluate the authentication request including evaluating a plurality of information items from a plurality of different externally residing information sources using a scoring system to determine an authentication status of the application, the plurality of information items including at least one characteristic of the external device; issue an authentication token to the external device the authentication token including token information reflecting the authentication status and indicating a degree of certainty that the application or the external device is compromised based on the evaluating the authentication request; receive login information and the authentication token from the external device for a user of the external device; issue a login token to the external device in response to the receiving the login information and the authentication token; receive, from the external device, a request for access to private information, and a confirmation of the authentication token and the login token; and selectively permit a degree of access to the private information by the external device through the application, based on the received confirmation of the authentication token and the login token, and the authentication status and the degree of certainty that the application or the external device is compromised.

14. The computer system of claim 13, wherein the at least one characteristic of the external device comprises device fingerprinting information for the external device, malware detection information for the external device, and access restriction circumvention information for the external device.

15. The computer system of claim 13, wherein the authentication token includes token information reflecting the authentication status.

16. The computer system of claim 13, wherein the instructions, when executed by the one or more processors, cause the system to receive historical information regarding past authentication requests and to modify the scoring system based on the historical information.

17. A non-transitory machine-readable medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform steps compris

Classifications

  • H04L63/102 (Primary): Entity profiles

  • G06F21/44 (Primary): Program or device authentication

  • Protecting personal data, e.g. for financial or medical purposes

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)

  • Assessing vulnerabilities and evaluating computer system security

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11729177B2 cover?
A computer-implemented method includes receiving an authentication request from an external device for authenticating an application on the external device, and receiving a plurality of information items in connection with the authentication request from a plurality of different externally residing information sources. The authentication request is then evaluated, which includes evaluating each…
Who is the assignee on this patent?
Capital One Services Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/102. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 15, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).