we want to use WSS-Passwordtype property to REST API.What is the Assertion we can use for it.
WSS Password Type is a SOAP based concept that will outline if the password in the XML payload is plain text or digest. For Digest, you can use the Require Ws-Security Password Digest Credentials which is a one to one relationship of user to assertion as we need to know the password. For Plain text, you can use the WS-Security UsernameToken Profile Credentials.
Another option is you can pull the username and password out of the XML payload with Require XPath Credentials and authenticate it against an identity provider.