Is it possible to only allow REST API access with token authentication and not username:password?
Is there a config to allow certain roles to be able to access the REST API?