I have jus had a PCI scan fail because of Basic Authentication that is setup in the .htaccess file for the API in version 4. All folders etc that end in api/ are redirect for Basic Authentication. As I do not use the API am I safe to remove “RewriteRule api/(.*)$ api.php?_d=$1&ajax_custom=1 [L,QSA]” from the .htaccess file? I really need the PCI scan to pass and Text Authentication is a big no no in the world of PCI compliance.