In the new stable version of ROS (6.45.1), MikroTik has removed backward compatibility with the old API login method. When MikroTik implemented the new method (ROS 6.43), it announced that this would happen sooner or later. The new method works with passwords in plain text. It is therefore necessary for API-SSL to be active. The API login documentation can be found here: https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
In its changelog, MikroTik also makes it clear that when you downgrade ROS from version 6.45.1 to version 6.42.12 or earlier, user passwords will be deleted and password-less authentication will be allowed. If you downgrade ROS, it will thus be necessary to set passwords and secure your routers!
The new API login method is not implemented in ISPadmin 4. As a result, API will not work. Implementation of the new method was not possible due to outdated system libraries and packages for Debian 7 or earlier.
The new API login method is implemented in ISPadmin 5 (from 5.02 beta3 on). As a result, API-SSL works fine.
This change was made by MikroTik. If you are experiencing any issues with it, please contact MikroTik.