The REST API in OT-BASE requires authentication. In other words, there must exist a valid account in the OT-BASE user database for which a REST query is performed. That account can be identical to a specific individual (not recommended), or it can be a dedicated account for a third-party software application that wants to interact with OT-BASE (recommended).
The good thing about authentication is that it allows you to set some boundaries on what data can be accessed by that third-party application, by defining clear limitations of access rights in the OT-BASE user management. For example, it is easy to limit the scope of a given account to inventory data of a particular site, building, or device group.
In technical terms, OT-BASE uses what is called "basic authentication". It's basic because access credentials are transmitted straight to OT-BASE, without involving independent agents or cryptology. That does not mean that credentials are transmitted in clear text, since you may be using HTTPS to connect to OT-BASE. In any case, you need to set up your third-party application for "basic authentication" and provide the credentials for a valid user account in OT-BASE.