API Gateway - Basic Auth behavior for outbound calls using route http(s)


Article ID: 208950


Products

CA API Gateway

Issue/Introduction

Can you please let us know the below points for both VM and Docker container-based environments?

1. Does the API Gateway support digest authentication for the outbound calls via "Route via HTTP" assertion?

2. What is the default behavior for basic auth (preemptive or non-preemptive) for outbound calls via "Route via HTTP" assertion (if we set credentials in the option "Specify HTTP Credentials")?

3. What is the purpose of cluster wide property io.httpEnableAutoChallenge?

Environment

Release : 9.4

Component : API GATEWAY

Resolution

By default, the cluster-wide property io.httpEnableAutoChallenge is false. When set to true, it enables authentication to be handled automatically (HANDLE_AUTHENTICATION) by the underlying Apache HTTP client.

The "Route via HTTP" assertion does not provide digest authentication by default.
We made some changes to the existing code in order to support this feature; however, every request is first sent with an Authorization header for basic auth. Only after the server responds with 401 does the Apache library make a subsequent call with a digest request, and only when "io.httpEnableAutoChallenge" = true.
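
The exchange described above, modeled as an added example (not Gateway or Apache HttpClient code, and not from the original article). It assumes a backend that answers the first request with 401 and a Digest challenge using MD5 with qop=auth; the credentials and challenge are the RFC 2617 section 3.5 sample values, and the function names are hypothetical. It lists the Authorization headers the backend receives with the property off and on, including the Basic header on the first request, which decodes back to the password.

```python
import base64, hashlib, re

# RFC 2617 section 3.5 sample values, used here as constructed test input.
USER, PASSWORD = "Mufasa", "Circle Of Life"
METHOD, URI = "GET", "/dir/index.html"
CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth", '
             'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093"')

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def basic_header(user, password):
    # Base64 is an encoding, not encryption: the receiver recovers the password.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_challenge(header):
    # Split a WWW-Authenticate value into its Digest parameters.
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    return {k: v.strip('"')
            for k, v in re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', params)}

def digest_response(user, password, method, uri, ch, cnonce, nc=1):
    # MD5 / qop=auth calculation from RFC 2617.
    ha1 = md5_hex(f"{user}:{ch['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{ch['nonce']}:{nc:08x}:{cnonce}:auth:{ha2}")

def outbound_exchange(auto_challenge, cnonce="0a4f113b"):
    """Authorization headers sent to a backend that replies 401 + Digest."""
    sent = [basic_header(USER, PASSWORD)]    # request 1 always carries Basic
    if not auto_challenge:                   # property false: no digest retry
        return sent
    ch = parse_challenge(CHALLENGE)          # challenge from the 401 response
    resp = digest_response(USER, PASSWORD, METHOD, URI, ch, cnonce)
    sent.append(f'Digest username="{USER}", realm="{ch["realm"]}", '
                f'nonce="{ch["nonce"]}", uri="{URI}", qop=auth, '
                f'nc=00000001, cnonce="{cnonce}", response="{resp}"')
    return sent

if __name__ == "__main__":
    for flag in (False, True):
        print(f"io.httpEnableAutoChallenge={flag}")
        for header in outbound_exchange(flag):
            print("  Authorization:", header)
```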