Authentication

Cookie authentication is the standard authentication method included with WordPress

Once you login to the WordPress admin you can do the API calls since WordPress can do the Cookie authentication

You have Permissions Callback to check the currently logged user has got priveledges to do the action

<?php
add_action( 'rest_api_init', function () {
  register_rest_route( 'myplugin/v1', '/author/(?P<id>\d+)', array(
    'methods' => 'GET',
    'callback' => 'my_awesome_func',
    'args' => array(
      'id' => array(
        'validate_callback' => 'is_numeric'
      ),
    ),
    'permission_callback' => function () {
      return current_user_can( 'edit_others_posts' );
    }
  ) );
} );