I had a discussion with one of our developers. If the user is logging into the PilotPress protected WordPress site with your app, you can get the membership levels using session variables.
$_SESSION["user_levels"] contains the membership levels of the logged in user, and your app should be able to access the session variables. Look on about line 2272 for where we are setting the session variables.
We actually don't use sessions any longer but maintain the code for backward compatibility. We could deprecate them in the future but we'll provide an alternative at that time.
If you're looking to build your own authentication code using the regular ONTRAPORT API look around line 2120 for code we use. It starts with this:
$api_result = $this->api_call("authenticate_user", array("site" => site_url(), "username" => $username, "password" => $hash, "version" => self::VERSION, "algo" => $algo, "session_id" => $session_id));
You can probably reverse engineer the rest of it based on the functions named. It's not in our regular API documentation so this would be the harder route to take. If your contact is logging into the WordPress site normally using your app, then the session variables are going to be a lot easier to hook into.