Basic authentication is the default mechanism for utilizing the API. Since all requests are made over SSL, the credentials are always encrypted.
If you wish to authenticate a user you can invoke any endpoint passing the user's credentials and verify you did not get an error response with status 401 or you can retrieve the list of communities for the user and verify you did not get a 'user_account_missing' error.
Users may have accounts in multiple communities and this API serves as a single entry point to determine the correct subdomain. Logging into the Socialcast Authentication API gives you access to the list of communities that the user is a member of. POST requests to /api/authentication with basic auth credentials to determine if the user has correct credentials.