Authentication & OAuth

HTTP Digest Authentication

An HTTP authentication scheme defined in RFC 7616 that challenges the client with a server-generated nonce, then expects an MD5 hash of the username, password, nonce, and request details. This prevents passwords from traveling in cleartext, unlike Basic Auth, but MD5's weakness and the lack of mutual authentication limit its security. Digest Auth has been largely replaced by token-based schemes such as Bearer and OAuth in modern APIs.
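The hash described above can be worked through on the server side. This is an added example, not code from the original page: it computes the `qop=auth` response and checks a client's `Authorization` parameters in constant time. The function names are illustrative assumptions, and the sample values are the published test vector from RFC 2617 section 3.5 (the specification RFC 7616 replaced).

```python
import hashlib
import hmac

# Hash names as they appear in the "algorithm" parameter, mapped to hashlib names.
_ALGORITHMS = {"MD5": "md5", "SHA-256": "sha256"}


def _h(data: str, algorithm: str) -> str:
    """Hex digest of data under the negotiated algorithm."""
    return hashlib.new(_ALGORITHMS[algorithm], data.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth", algorithm="MD5"):
    """Compute the 'response' value for qop=auth."""
    ha1 = _h(f"{username}:{realm}:{password}", algorithm)  # credentials
    ha2 = _h(f"{method}:{uri}", algorithm)                 # request details
    # The server nonce, nonce count and client nonce bind the hash to one exchange.
    return _h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}", algorithm)


def verify(params: dict, method: str, password: str, algorithm: str = "MD5") -> bool:
    """Server-side check: recompute the response and compare in constant time."""
    expected = digest_response(
        params["username"], params["realm"], password, method, params["uri"],
        params["nonce"], params["nc"], params["cnonce"], params["qop"], algorithm,
    )
    return hmac.compare_digest(expected, params["response"])


# Parsed Authorization header fields from the RFC 2617 section 3.5 example.
SAMPLE = {
    "username": "Mufasa",
    "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "uri": "/dir/index.html",
    "qop": "auth",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    print(verify(SAMPLE, "GET", "Circle Of Life"))   # correct password and method
    print(verify(SAMPLE, "POST", "Circle Of Life"))  # same header, different method
```

A real server also has to track issued nonces and reject a reused `nc` value; the hash alone does not stop a captured header from being replayed.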

Related protocols

See also