Legacy: HTTP Basic authentication
Users can authenticate using an HTTP Basic Auth header with the rest API using their password.
To limit Basic Auth API requests to specific IP addresses or subnets select IP Restrictions, Open or Strict. Open and Strict mode let you control in detail which IP addresses can use Basic Auth on incoming REST API request. Read more about Open and Strict mode IP Restrictions .
To avoid use of password in REST integrations, turn off Basic Auth. When turned off Basic Auth then all authentications for REST URLs will require Kerberos, OAuth, Personal Access Tokens, or Kantega SSO API tokens for authenticating.