We have our development website password protected with htaccess and htpasswd. We have REST API on our dev website and we are able to bypass the password protection when we are not using any authorization header by passing the username and password as Basic Auth Type. Please check the below screenshot
Postman Authorization Type
However, we are having few other APIs as well where we need to pass the bearer(token) as authorization header. In this case we are not able to pass multiple authorization header for both htaccess password and token.
Is there a way we can pass both the htaccess authorization header as well as the API authorization header? Or can we bypass password protection only for API calls and not for the website?
For additional information, we are using Apache/2.4.28.