REST API is built with three authentication mechanisms:

• Basic authentication - username and password are sent with the request
• Apitoken authentication - API token is generated using the username and password; the following Rest API call can use the API token to perform the calls
• OAuth authentication uses the username and password to generate an OAuth token and a refresh token. The OAuth token is used for authentication, while the refresh token is used to create a new token when the current one expires.

In FlowWright environments without stored passwords, such as those using SAML or Active Directory authentication, the license key can be used instead of a password. The license key can be viewed on the licensing page at Status > License.