z/OS Connect Enterprise Edition

Can I use HTTP port for connect from API Toolkit using Basic authentication an use HTTPS for connect application client usingClient certificate authentication?

Yes. The z/OS Explorer/API toolkit can be configured with 2 connections. one to the z/OS Connect EE server's httpPort and a second the the httpsPort.

For the HTTP & basic authentication

allowFailOverToBasicAuth="true"

should be specified in the webAppSecurity element.

The client certificate authentication would require the z/OS Connect EE server to be configured with:

clientAuthentication="true"

See : https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/rwlp_ssl.html

The z/OS Explorer should be configured to present the client certificate in the z/OS Explorer via the "Edit certificate management preferences" options.