IncompleteOfficial response from Kev O'Connor
I've discussed this with colleagues and we are a little unclear as to what your aim is here. If someone is logged in as a control panel user, then they are able to access the data directly through the control panel. The API is not designed to be used in conjunction with control panel access in the way you describe. So there isn't a tool to facilitate authenticating control panel access. There shouldn't be any need to do this, as any data that could be surfaced via the API for a logged in control panel user could be accessed directly via the control panel.
If you want to email more details of what you are trying to build to [email protected] we can take a look if there are other ways to achieve it.