Can the API convert password protected pages?

Yes, the API can convert password-protected pages.

• Basic authentication: Use setHttpAuth().
• Cookie/session-based authentication: Set the session cookie with setCookies().

Other options that require some effort on your part:

• Make the protected content temporarily available on an impossible-to-guess URL:
  https://my.server.com/protected?token=6f816da9e9a66f779f9f9cf5c9e99285
  Then invalidate the URL after it has been visited or after a certain time period.
• Render the protected HTML content to a string variable or file and use convertString() or convertFile() respectively. If the HTML refers to external files (JS, CSS, etc.):
  • Zip the HTML file and its external assets, then upload the zip file using convertFile().
  • If the assets are accessible on the public Internet, refer to them using absolute URLs, or use relative URLs in combination with the <base> element.