You can create a user with permissions to that specific Mashup (along with any related entities), and then create an appKey based on that user. Once you have an appKey, you can access the Mashup at, for example,
The x-thingworx-session parameter here would persist the user session across the Mashup and others attached to it.
Once again, please note that the created appKey, based on the user, will have access to everything that user has. So, it would be a bad practice to create one based on the Administrator, as it would have pretty much have complete access.