You should use OAuth 2.0 client credentials flow to secure REST APIs used in your web application.
Major password leaks are unfortunately becoming all too common. Each time a new batch of passwords becomes public knowledge, security experts pipe up with recommendations which basically boil down to two things: 1) don’t share passwords and 2) make your passwords as tough to crack as possible.