Authenticating against the REST API requires that you initially use HTTP Basic Authentication as described in RFC 2617. In subsequent requests the session cookies, returned in the initial response, should be sent instead of continuing to send the username and password with each new request.

Alternatively, you can use SSL certificates to perform authentication. You must use a certificate that has been signed and registered by a CA that is recognized by Oracle VM Manager, as described in Section 4.1.3, “Certificate Management for Certificate-based Authentication Using SOAP”.