The Project Haystack interface is largely based on plain GET/POST requests made over either HTTP or HTTPS. Authentication differs between versions, but common methods include custom headers (e.g. SkySpark, WideSky) and conventional HTTP authentication (nHaystack).
Having authenticated, a couple of API endpoints allow us to discover what sort of server we are talking to. It's a shame that the authentication method isn't discoverable in the same manner, but that's life.