TL;DR: The REST API requires passwords containing certain characters to be escaped -- however, if a password contains more than one .