Sandbox credentials are helpfully provided for auth on the API for individual use. Would be nice to have something similar for the 3-legged OAuth - for example an everlasting authorization code so one can test the API flow from the perspective of an OAuth'd user.