How to pass user id and password securely when calling REST message through scripting
‎07-10-2017 10:15 PM
I came across a requirement a few days ago, where I needed to call a RESTMessageV2 through a script. The first option I thought of was to use the setBasicAuth('userid', 'password'); function to pass the user id and password. This, however, didn't appear to be the right practice, as we're openly broadcasting the password. Then I searched for options to decrypt the password field. I tried this by using the GlideEncrypter(); function to decrypt the password, and then passing it to the setBasicAuth function. This option was brought up in several other discussions on this board. Not only did this not work, but I later realized that this is a fancy way of doing the same thing. Someone with good debugging skills can figure out the decrypted value at run-time, and that would lead to the same problem as the first - compromising access.
Finally, after doing some more research, I figured out the right way to do it. I created a REST Outbound Message (System Web Services -> Outbound -> Message). Inside it, I created a POST HTTP method to suit my requirement, and defined the authentication profile on this method. In my script, I called this REST message/method, and I didn't have to pass the credentials as they are already defined. I passed other parameters, which were dynamic, and was able to achieve the desired result without compromising access. I shared a screenshot from a demo instance, in case someone is interested.
REST Message - HTTP Method:
Code used in script include:
var message = new sn_ws.RESTMessageV2('DashboardScheduler', 'Fetch');
//message.setBasicAuth('userid', 'password'); //Not needed anymore
message.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
message.setRequestBody(this.encodeBody());
var response = message.execute();
return response.getStatusCode();
Hope this is helpful!
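A review check for the two patterns the post above rejects, added here as an example and not code from the thread: it scans script source for setBasicAuth calls whose password argument is a string literal or a value decrypted inside the script. The function names, finding labels, the `encrypted` variable and the sample script are constructed for illustration.

```javascript
// Added example: flags setBasicAuth calls whose password is readable in, or recovered by, the script.
// Finding labels and the sample are constructed; only calls written on one line are handled.
const STRING_LITERAL = /^(['"])(?:\\.|(?!\1).)*\1$/;
// Return the top-level arguments of the call whose '(' is at openIdx, or null if unbalanced.
function extractArgs(src, openIdx) {
  const args = [];
  let depth = 0, cur = '', quote = null;
  for (let i = openIdx; i < src.length; i++) {
    const ch = src[i];
    if (quote) {                       // inside a string: commas and parens are data
      cur += ch;
      if (ch === '\\') cur += src[++i] ?? '';
      else if (ch === quote) quote = null;
    } else if (ch === '"' || ch === "'") { quote = ch; cur += ch; }
    else if (ch === '(') { if (depth++ > 0) cur += ch; }
    else if (ch === ')') {
      if (--depth === 0) { args.push(cur.trim()); return args; }
      cur += ch;
    } else if (ch === ',' && depth === 1) { args.push(cur.trim()); cur = ''; }
    else cur += ch;
  }
  return null;
}
function classify(arg, decryptedVars) {
  if (STRING_LITERAL.test(arg)) return 'hardcoded-literal';
  if (/\.decrypt\s*\(/.test(arg) || decryptedVars.has(arg)) return 'decrypted-at-runtime';
  return 'other-expression';
}

function scanScript(src) {
  // Variables assigned from a decrypt() call hold the cleartext at run time.
  const decryptedVars = new Set();
  for (const m of src.matchAll(/([A-Za-z_$][\w$]*)\s*=[^;=]*\.decrypt\s*\(/g)) decryptedVars.add(m[1]);
  const findings = [];
  src.split('\n').forEach((line, idx) => {
    const at = line.indexOf('.setBasicAuth');
    const open = at === -1 ? -1 : line.indexOf('(', at);
    const args = open === -1 ? null : extractArgs(line, open);
    if (!args || args.length < 2) return;
    // A commented-out call is reported too: its literal is still readable in the source.
    findings.push({ line: idx + 1, commentedOut: /^\s*\/\//.test(line), kind: classify(args[1], decryptedVars) });
  });
  return findings;
}

// Constructed sample: a commented-out literal and a value decrypted in the script.
const SAMPLE = "//message.setBasicAuth('userid', 'password'); //Not needed anymore\n" +
  "var pw = new GlideEncrypter().decrypt(encrypted);\n" +
  "message.setBasicAuth(user, pw);";
```

Calling `scanScript(SAMPLE)` returns one finding per flagged line; a script that relies on the authentication profile of the REST message, with no setBasicAuth call, returns an empty list.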

‎07-10-2017 11:28 PM
Thank you Karthik for sharing the information.
Sometimes calling SOAP/REST methods in a Business Rule requires providing the credentials; in that case I believe it's better to create sys_properties with the necessary credentials and then fetch the values using gs.getProperty().