diff --git a/Experiments/Experiments/ABTest.swift b/Experiments/Experiments/ABTest.swift
index 895771014f6..9dc3d0f0c55 100644
--- a/Experiments/Experiments/ABTest.swift
+++ b/Experiments/Experiments/ABTest.swift
@@ -15,6 +15,10 @@ public enum ABTest: String, CaseIterable {
     /// Experiment ref: pbxNRc-1S0-p2
     case aaTestLoggedOut = "woocommerceios_explat_aa_test_logged_out_202212_v2"
 
+    /// A/B test for the REST API project
+    /// Experiment ref: pbxNRc-2i4-p2
+    case applicationPasswordAuthentication = "woocommerceios_login_rest_api_project_202301_v2"
+
     /// Returns a variation for the given experiment
     public var variation: Variation {
         ExPlat.shared?.experiment(rawValue) ?? .control
@@ -27,7 +31,7 @@ public enum ABTest: String, CaseIterable {
         switch self {
         case .aaTestLoggedIn:
             return .loggedIn
-        case .aaTestLoggedOut:
+        case .aaTestLoggedOut, .applicationPasswordAuthentication:
             return .loggedOut
         case .null:
             return .none
diff --git a/Experiments/Experiments/DefaultFeatureFlagService.swift b/Experiments/Experiments/DefaultFeatureFlagService.swift
index 4d7a42302b0..853c73dedae 100644
--- a/Experiments/Experiments/DefaultFeatureFlagService.swift
+++ b/Experiments/Experiments/DefaultFeatureFlagService.swift
@@ -57,9 +57,6 @@ public struct DefaultFeatureFlagService: FeatureFlagService {
             return buildConfig == .alpha
         case .tapToPayOnIPhone:
             return buildConfig == .localDeveloper
-        case .applicationPasswordAuthenticationForSiteCredentialLogin:
-            // Enable this to test application password authentication (WIP)
-            return false
         case .domainSettings:
             return buildConfig == .localDeveloper || buildConfig == .alpha
         default:
diff --git a/Experiments/Experiments/FeatureFlag.swift b/Experiments/Experiments/FeatureFlag.swift
index accf0be0440..2dc3a866621 100644
--- a/Experiments/Experiments/FeatureFlag.swift
+++ b/Experiments/Experiments/FeatureFlag.swift
@@ -138,10 +138,6 @@ public enum FeatureFlag: Int {
     /// - Note: The app will ignore this if `performanceMonitoring` is `false`.
     case performanceMonitoringViewController
 
-    /// Whether application password authentication should be used when a user logs in with site credentials.
-    ///
-    case applicationPasswordAuthenticationForSiteCredentialLogin
-
     /// Whether to enable domain updates from the settings for a WPCOM site.
     ///
     case domainSettings
diff --git a/WooCommerce/Classes/Authentication/AuthenticationManager.swift b/WooCommerce/Classes/Authentication/AuthenticationManager.swift
index cf50e55872c..9bf14754e3c 100644
--- a/WooCommerce/Classes/Authentication/AuthenticationManager.swift
+++ b/WooCommerce/Classes/Authentication/AuthenticationManager.swift
@@ -62,8 +62,7 @@ class AuthenticationManager: Authentication {
         let isWPComMagicLinkPreferredToPassword = featureFlagService.isFeatureFlagEnabled(.loginMagicLinkEmphasis)
         let isWPComMagicLinkShownAsSecondaryActionOnPasswordScreen = featureFlagService.isFeatureFlagEnabled(.loginMagicLinkEmphasisM2)
         let isStoreCreationMVPEnabled = featureFlagService.isFeatureFlagEnabled(.storeCreationMVP)
-        // TODO: Replace with A/B experiment
-        let enableSiteAddressLoginOnly = featureFlagService.isFeatureFlagEnabled(.applicationPasswordAuthenticationForSiteCredentialLogin)
+        let enableSiteAddressLoginOnly = ABTest.applicationPasswordAuthentication.variation == .treatment
         let configuration = WordPressAuthenticatorConfiguration(wpcomClientId: ApiCredentials.dotcomAppId,
                                                                 wpcomSecret: ApiCredentials.dotcomSecret,
                                                                 wpcomScheme: ApiCredentials.dotcomAuthScheme,
@@ -342,8 +341,7 @@ extension AuthenticationManager: WordPressAuthenticatorDelegate {
         /// save the site to memory to check for jetpack requirement in epilogue
         currentSelfHostedSite = site
 
-        // TODO: Replace with A/B experiment
-        let enableWPComOnlyForWPComSites = featureFlagService.isFeatureFlagEnabled(.applicationPasswordAuthenticationForSiteCredentialLogin)
+        let enableWPComOnlyForWPComSites = ABTest.applicationPasswordAuthentication.variation == .treatment
 
         switch (enableWPComOnlyForWPComSites, site.isWPCom) {
         case (true, true), (false, _):
@@ -389,7 +387,7 @@ extension AuthenticationManager: WordPressAuthenticatorDelegate {
         /// If the user logged in with site credentials and application password feature flag is enabled,
         /// check if they can use the app and navigates to the home screen.
         if let siteCredentials = credentials.wporg,
-           featureFlagService.isFeatureFlagEnabled(.applicationPasswordAuthenticationForSiteCredentialLogin) {
+           ABTest.applicationPasswordAuthentication.variation == .treatment {
             return didAuthenticateUser(to: siteURL,
                                        with: siteCredentials,
                                        in: navigationController)
@@ -501,7 +499,7 @@ extension AuthenticationManager: WordPressAuthenticatorDelegate {
     ///
     func sync(credentials: AuthenticatorCredentials, onCompletion: @escaping () -> Void) {
         if let wporg = credentials.wporg,
-            featureFlagService.isFeatureFlagEnabled(.applicationPasswordAuthenticationForSiteCredentialLogin) {
+           ABTest.applicationPasswordAuthentication.variation == .treatment {
             ServiceLocator.stores.authenticate(credentials: .wporg(username: wporg.username,
                                                                    password: wporg.password,
                                                                    siteAddress: wporg.siteURL))