Basic authentication is the easiest to implement security to your application and it can be implemented without additional libraries. Everything needed to implement basic authentication is what you have done. The problem with basic authentication is that it is (well “basic”) and it offers the lowest security options of the common protocols.
As far as I know there are no advanced options for using basic authentication, so you are just sending a username and password as base64 encoded.
Basic authentication should never be used without SSL encryption because the username and password combination can be easily decoded otherwise.
The UseSession = 1 as you mentioned will break the stateless caracteristics of restfull services and you will also consume a CSP license until the session ends.
You could take a look at other autorization frameworks as OAuth2.0, SAML (supported by Caché and Ensemble) or create your own custom protocols for access token control by using the ZAUTHENTICATE routine and Caché/Ensemble delegated access.
There are 2 nice posts from Daniel Kutac that may help you with additional options: