I am setting up access to PM with REST and need to understand how the API handles authentication
Are you looking for the authentication methods when you call the REST Management API service of the CA API Gateway?
The documentation of the REST Management API service is provided with the API itself as HTML documents. Please refer to the following URL - https://<Your CA API Gateway host>:<port>/restman/1.0/doc/home.html .
The REST Management API service accepts two authentication methods, HTTP Basic authentication or Client Certificate mutual authentication. Client Certificate mutual authentication is recommended in the "Authentication" section of the document.
HTTP Basic authentication would be simple and easy for trial. The same credentials as the Policy Manager can be used for the access to the REST Management API service.
Was your question answered with the information provided?