The SFDC API requests operate in the context of a user which is identified by a sessionId or access_token. So, to make API calls, sessionId is needed and you get that by storing the username/security token/password and by calling login whenever you need to.
Also, you can achieve this by using the interactive OAuth flow which will require the user to authorize your application. At this point, you will be given a long-lasting token called the refresh token. After that, at any point, you can go ahead and use OAuth2 token service to get a new access_token by just using a refresh token.
I guess this last approach will meet your needs, it's just that this would require one-time user interaction to originally sanction your application.