This is more of a REST thing than a Community Server issue, but I was testing a REST process on a client site and kept receiving an "Invalid Credentials" error. The REST process was working perfectly on two other Community Server sites, so I couldn't understand what the problem had to be, particularly since everything was configured correctly.
Finally it dawned on me that the IIS site was set for NT Authentication rather than anonymous access. There's a lot about REST I don't know, so I can't tell you how to support REST on a restricted site, not in this nuglet anyway. For today's more immediate needs, if you encounter this with a Community Server REST process, enabling anonymous access does the trick.
