REST API is built with three authentication mechanisms:

• Basic authentication involves sending a username and password with the request.
• Apitoken authentication involves generating an API token using the username and password; the subsequent REST API call can then use this API token to perform requests.
• OAuth authentication uses a username and password to generate both an OAuth token and a refresh token. The OAuth token is used for authentication, while the refresh token is used to obtain a new token once the current one expires.

In FlowWright environments without stored passwords, such as those using SAML or Active Directory authentication, the license key can be used instead of a password. The license key is available on the licensing page at Status > License.