Create login and logout APIs such as /api/v1/login and /api/v1/logout. In these login and logout APIs, perform the authentication against your user store. The outcome is a token (usually JSESSIONID) that is sent back to the client (web, mobile, whatever).
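The login/logout flow described above, as an added example that is not from the original page: an in-memory service that checks credentials against a user store, issues a random session token on login, and invalidates it server-side on logout. The names `AuthService`, `SESSION_TTL`, `PBKDF2_ROUNDS` and the in-memory stores are assumptions; the HTTP layer and the cookie that carries the token are left out.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 900          # assumed session lifetime in seconds
PBKDF2_ROUNDS = 600_000    # assumed work factor for the password hash

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class AuthService:
    """Hypothetical backend for the /api/v1/login and /api/v1/logout handlers."""

    def __init__(self):
        self.users = {}      # username -> (salt, password hash): the "user store"
        self.sessions = {}   # sha256(token) -> (username, expiry time)

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _pw_hash(password, salt))

    @staticmethod
    def _key(token: str) -> str:
        # Store only a digest, so a leaked session table holds no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, username, password, now=None):
        now = time.time() if now is None else now
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        # Hash even for unknown users so both failure paths cost the same.
        candidate = _pw_hash(password, salt)
        if not hmac.compare_digest(candidate, stored):
            return None
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self.sessions[self._key(token)] = (username, now + SESSION_TTL)
        return token

    def whoami(self, token, now=None):
        now = time.time() if now is None else now
        username, expires = self.sessions.get(self._key(token), (None, 0.0))
        if username is None or now >= expires:
            self.sessions.pop(self._key(token), None)   # drop expired entries
            return None
        return username

    def logout(self, token):
        # Logout must invalidate server-side; clearing the client cookie is not enough.
        return self.sessions.pop(self._key(token), None) is not None
```

Every later request would pass the token to `whoami`; a `None` result maps to HTTP 401.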
Which authentication is best for REST API?
Here are some of the best practices for securing your REST API:
Can REST API have authentication?
Users of the REST API can authenticate by providing a user ID and password to the REST API login resource with the HTTP POST method. An LTPA token is generated that enables the user to authenticate future requests.