I currently have a web application that is sending REST API calls to vSphere.  It is creating a session through a Basic authentication header (username/password), which is working.  The password policy on this instance is set to 90 days for all users.  It is undesirable to have an administrator update the application configuration to comply with the policy for the human users.

Is there a better way (such as rsa public/private keys) or something else I can authorize these sessions with?  If not, can I create a different password policy for this single user?

Thanks!