Can the API convert password protected pages?

Yes, the API can convert password protected pages.

• Basic authentication: you can use setHttpAuth().
• Cookie/session based authentication: you can set the session cookie with setCookies().

Other options that require some effort on your part:

• You can make the protected contents temporarily available on an impossible-to-guess URL:
  https://my.server.com/protected?token=6f816da9e9a66f779f9f9cf5c9e99285
  And invalidate the URL after it has been visited or after certain time period.
   
• You can render the protected HTML contents to a string variable or a file and use convertString() or convertFile() respectively. If the HTML refers to external files (JS, CSS, ...)
  • You can zip the HTML file and its external assets to a file and upload the zip file using convertFile().
  • If the assets are accessible on the public Internet, they can be referred to using absolute URLs, or using relative URLs in combination with the <base> element.

Our WordPress plugins can convert password protected pages by using Conversion Mode - Upload or Content, or Conversion Mode - URL and enabling Auto Use Cookies.