Is The Following Code Needed In The .htaccess File?

We have a couple of sites that are still on CS and we have run into an issue with failed scans for our PCI Compliance on them. The part that is strange is all we did was move from a faster VPS and downgrade to a smaller VPS, but we are with the same host. Anyway, the following code has been on the site for some time now but now they say it is causing us to fail our PCI scan.



RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteRule api/(.*)$ api.php?_d=$1&ajax_custom=1 [L,QSA]

RewriteCond %{REQUEST_URI} \.(png|gif|ico|swf|jpe?g|js|css|ttf|svg|eot|woff|yml|xml)$ [or]
RewriteCond %{REQUEST_URI} store_closed.html$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*?)\/(.*)$ $2 [L]




Here is what they are saying, “the “Basic Authentication over HTTP” failure is resulting due to an API call in your htaccess file. This means any file access with api reference will be moved over to an ajax function.”



The part that confuses me is why didn't we have problems with this code on their previous VPS package? So I am just wondering if anyone knows what the code does and if it is fine to take it out as they suggest. The only reason I am so hesitant is because I have no idea what it does and in my mind it has been there for a while so I don't understand why it would be an issue now.

It's the top rule you want to comment out. PCI won't like using ANY kind of http authentication that is not over HTTPS.

Thanks for the reply Tony.

One person on their support team seems to think all of the code above needs commented out, the other feels that just this part does:


RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule api/(.*)$ api.php?_d=$1&ajax_custom=1 [L,QSA]


That is part of why I was concerned because they didn't seem to know for sure themselves.



So when you say the top rule, do you mean just the top line? I just comment out both of the lines I mentioned here but I am unsure what they affect or if it will mess up something down the road. Are these old and no longer needed or something?

This one only.


RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Yes, as Imac says… PCI won't like that at all. The others are all needed.
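
For a site that still needs the API, the rule discussed above can be limited to HTTPS requests instead of being removed. This is an added example, not part of the thread or of the store software's shipped .htaccess; it assumes TLS is terminated by Apache itself (so %{HTTPS} is reliable), and the thread does not establish whether a given PCI scanner accepts it.

```apache
# Added example; the three rules below are assumptions built around the
# two API lines quoted in the thread.

RewriteEngine On

# Before (as posted): the Authorization header is copied into the
# environment for every request, plain HTTP included.
# RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# After, step 1: refuse API requests that arrive over plain HTTP.
# A 403 is used rather than a redirect so that the server never
# answers an authenticated API call on the unencrypted port.
RewriteCond %{HTTPS} !=on
RewriteRule api/ - [F,L]

# After, step 2: pass the Authorization header through to PHP only
# when the request came in over HTTPS.
RewriteCond %{HTTPS} =on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Unchanged from the thread: route api/... to api.php.
RewriteRule api/(.*)$ api.php?_d=$1&ajax_custom=1 [L,QSA]
```

Behind a TLS-terminating proxy or load balancer %{HTTPS} is normally off, so the conditions would need to test whatever header that proxy sets instead.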