There are two aspects of the Touchpoint Server related to authentication:
As an HTTP server, the Touchpoint Server supports HTTP basic authentication of HTTP clients. It does not use a separate user registry. Instead the Touchpoint Server delegates authentication requests to the Server API of the local TDI Server (the one that hosts the Touchpoint Server).
As a remote Server API client, the Touchpoint Server needs to authenticate against the remote TDI Server like any other Server API client would do. Note that authentication is not required when the connectivity provider is the local TDI Server.
For more on Server API authentication, see the appendix called Server API in IBM TDI V7.1 Reference Guide.