Rest API is built with 3 authentication mechanisms:

• Basic authentication - user name and password are sent with the request
• Apitoken authentication - API token is generated using the user name & password, the following Rest API call can use the api token to perform the calls
• OAuth authentication - using user name & password an OAuth token and a refresh token are generated.  When the token expires, a new token can be generated using the refresh token

In FlowWright environments where there are no passwords stored such as SAML authentication or Active Directory authentication, instead of passing a password, the license key can be passed.  License key can be viewed on the licensing page at Status→License