Rest API is built with three authentication mechanisms:

• Basic authentication - user name and password are sent with the request
• Apitoken authentication - API token is generated using the user name & password; the following Rest API call can use the API token to perform the calls
• OAuth authentication - uses the user name & password to generate an OAuth token and a refresh token.  The OAuth token is used for authentication, while the refresh token is used to generate a new token when the current one expires

In FlowWright environments with no passwords stored, such as SAML authentication or Active Directory authentication, the license key can be passed instead of passing a password.  The license key can be viewed on the licensing page at Status→License.