1.8 and I think 1.8.1 do not allow HTTP authentication to be used with the JSON API. In 1.8 this is caused by the $auth_type being statically set to ZBX_AUTH_INTERNAL. With the latest from SVN it sets $auth_type based on the config. However the stock code requires that the user provide the right password even when LDAP or HTTP auth is in use.

My forum post, which includes a patch to fix the issue:
http://www.zabbix.com/forum/showthread.php?t=15885