403 Error using PowerShell 5 as Kentico 8.2 REST client

Question

This REST request works when I load it directly in a browser in which I'm simultaneously logged into the Kentico 8.2 admin site:

https://www.example.com/rest/CMS.SettingsKey

Now, I need to return the same results using PowerShell 5. I tried various versions of the following:

$url = "https://www.example.com/rest/CMS.SettingsKey"
$httpMethod = "Get"
$credentialsBytes = [System.Text.Encoding]::UTF8.GetBytes("username:password")
$credentialsEncoded = [System.Convert]::ToBase64String($credentialsBytes)
$headers = @{}
$headers.Add("Authorization", "Basic $($credentialsEncoded)")
$settings = (Invoke-RestMethod -Uri $url -Method $httpMethod -headers $headers)
Write-Host $settings

Note that "username" and "password" are the same credentials used to log into the admin site (when the REST request is working in the browser), and the user is a global admin.

The PS snippet gives me a 403 Forbidden error. I followed this page and this page, but I can't get it to work. What am I doing wrong?

EDIT:
I enabled the REST service, but now I'm getting a 401 Unauthorized error. Again, the user is a global admin. I get the feeling the headers aren't being included in the request (or that there is a problem with the headers), because the same request works (from PowerShell) if I generate a hash and use hash parameter authentication instead of basic authentication. I tried using Fiddler a bit as suggested in comments, but I'm new to it, and I don't have time to dive in too deep right now.

Answer 1

Just tested it using the latest hotfix versions (9.0.32 & 8.2.48) and it works just fine.

1. Make sure REST is enabled for the specific site (not only the global setting)
2. Make sure you have <modules runAllManagedModulesForAllRequests="true"> in your web.config as described here.