Passing encrypted user name and password to the authentication api

Hi,

Our community is enabled with HTTPS. We use https URLs for API. But Lithium providing response even though if we call API with http.  

1. How to restrict API to allow only HTTPS calls?

2. Does Lithium has any encrypted mechanism to pass encrypted username and password to the user authentication API?