Rest Api is diabled by default for security reasons, to enable it edit env.php and set REST to true.
defined('REST') || define('REST', true);Authentication
Authentication is done with HTTP Authorization using any admin user credentials that has REST permissions.
Permissions
Permission can be controlled from admin user roles and can be set for both resource and action.
Open API
Open Api documentation is provided by the Open Api plugin https://plugins.vvveb.com/product/open-api