diff --git a/corepos/api.py b/corepos/api.py
index e7310a0..c93ff9d 100644
--- a/corepos/api.py
+++ b/corepos/api.py
@@ -2,7 +2,7 @@
 ################################################################################
 #
 #  pyCOREPOS -- Python Interface to CORE POS
-#  Copyright © 2018-2021 Lance Edgar
+#  Copyright © 2018-2023 Lance Edgar
 #
 #  This file is part of pyCOREPOS.
 #
@@ -28,6 +28,7 @@ import json
 import logging
 
 import requests
+from requests.auth import HTTPDigestAuth
 
 
 log = logging.getLogger(__name__)
@@ -48,27 +49,42 @@ class CoreAPIError(Exception):
 class CoreWebAPI(object):
     """
     Client implementation for the CORE webservices API.
+
+    :param str url: URL to the CORE webservices API,
+       e.g. ``'http://localhost/fannie/ws/'``
+
+    :param bool verify: How to handle certificate validation for HTTPS
+       URLs.  This value is passed as-is to the ``requests`` library,
+       so see those docs for more info.  The default value for this is
+       ``True`` because the assumption is that security should be on
+       by default.  Set it to ``False`` in order to disable validation
+       entirely, e.g. for self-signed certs.  (This may also be needed
+       for basic HTTP URLs?)  Other values may be possible also; again
+       see the ``requests`` docs for more info.
+
+    :param htdigest_username: Username for htdigest authentication, if
+       applicable.
+
+    :param htdigest_password: Password for htdigest authentication, if
+       applicable.
     """
 
-    def __init__(self, url, verify=True):
-        """
-        Constructor for the API client.
-
-        :param str url: URL to the CORE webservices API,
-           e.g. ``'http://localhost/fannie/ws/'``
-
-        :param bool verify: How to handle certificate validation for HTTPS
-           URLs.  This value is passed as-is to the ``requests`` library, so
-           see those docs for more info.  The default value for this is
-           ``True`` because the assumption is that security should be on by
-           default.  Set it to ``False`` in order to disable validation
-           entirely, e.g. for self-signed certs.  (This may also be needed for
-           basic HTTP URLs?)  Other values may be possible also; again see the
-           ``requests`` docs for more info.
-        """
+    def __init__(
+            self,
+            url,
+            verify=True,
+            htdigest_username=None,
+            htdigest_password=None,
+    ):
         self.url = url
         self.verify = verify
 
+        self.session = requests.Session()
+
+        if htdigest_username and htdigest_password:
+            self.session.auth = HTTPDigestAuth(htdigest_username,
+                                               htdigest_password)
+
     def post(self, params, method=None):
         """
         Issue a POST request to the API, with the given ``params``.  If not
@@ -88,8 +104,8 @@ class CoreWebAPI(object):
             'id': 1,
         }
 
-        response = requests.post(self.url, data=json.dumps(payload),
-                                 verify=self.verify)
+        response = self.session.post(self.url, data=json.dumps(payload),
+                                     verify=self.verify)
         response.raise_for_status()
         return response