Nope, that's a great question. The udata is a piece of information you can pass along with an API call, and the response you receive back will contain that same information. Its use can be to track internal transactions, response times, etc.
The ticket is explained in the API_Authenticate documentation here:
https://help.quickbase.com/api-guide/index.html#authenticate.html. In general, because API calls are performed from somewhere outside of your database, your application needs to know it's a valid call. Think of your application being locked, and using the API_Authenticate action will generate an access code that's valid for a certain timeframe. Subsequent API calls to your application will include that ticket to be successful.
