The Tableau Server API is simple HTTP, and very rough. Essentially, your best bet is to watch the traffic using Fiddler and strive to recreate that with your application.
1. When looking at views inside Tableau Server, you'll notice a "Remember my changes" menu which allows users to save customized views. If you hit that "save_customized_view" URL with a POST, you can bring them back to their customized view by showing http://the_view_url/username next time.
2. Similarly, you can use HTTP requests to grab PDFs or data. This was actually made more tricky recently though, as those generation actions are now performed asynchronously on the back-end. If you get a 202 response code, you have to poll the same URL until you get a 200 and can download your file. I can try to go into more detail if you decide to go this route.
Fiddler tells me that POST to save_customized_view will require authenticity_token. That looks like an encrypted value, how do I calculate it?
Ah yes, that's a CSRF protection measure that was added in 5.1 I believe. While it's a good security measure overall, it does increase the difficulty of external access. A user session's auth token is returned in the response to an xml login... or extracted from any form the server presents to the client... hmm, let me stop here and say that this is actually going to be rather painful to circumvent. What we really should do is get serious about our external API design - not that this answer helps you right now.