API user is like regular user in FC+, only difference is that it has assigned API key, what is visible only for FC+ administrators. To get one API key, you have to connect your sales representative or technical support. They create API user or attach API key to some existing user, and if you have permission to change persons or roles, you can fine-tune API user permissions.
Main principle with API user is: give it permissions as less as possible and as much as needed. API users may have access to sensitive data, and can make changes in your account, so if API key falls into false hands, it would be better, if it has access to only those commands, what are required for work.
It's good practice to have separate role for API user, what does not use permissions assigned to other people, like illustrated in following screenshot.