Hello @drogba ,
the REST API can use the same IdentityProvider than the Webapp, as the Authentication and Authorization is part of the engine itself.
So basically every request towards the REST API can be done by any authenticated and authorised user. The Authentication mechanism can be handled in the Filter Implementation you are using. Please find an example for this filter here:
This example is for the Spring Boot distro and used Basic HTTP Auth as mechanism.
Hope this helps
Jonathan