Stephen,
Thanks for the reply.
I have tried this approach (testing with both Postman and Chrome) and it does not work. If I set the authorisation header it works, but not as username:password in the URL.
This maybe because the method is depreciated (https://developer.mozilla.../HTTP/Authentication), or Azure where the API is hosted does not accept this type of connection. The error message is failure to connect, so I don't think it is anything to do with the API itself.
Do you have any guidance on how I can include a Basic Auth header in a custom rule. If I can get pointed in the right direction on this, I'm sure I can do the rest.
Steven