Use token based authentication.
- You authenticate via your API with your credentials
- If successful, you get a token (guid or some other random string) that you pass in from there on out. It's safe to store because it expires after inactivity.
- If your token becomes stale, you ask them to re-auth
Keep in mind the web service is going to have to hold a relation from the token to the user in the back end, and will have to be supported by you.
There are more elaborate schemes, as this is a primitive methodology, albeit an answer to your question.