Scott Bolinger shares a custom WP-API authentication method on the AppPresser blog.
If you’ve worked with the API before, you may have come across the issue of authentication.
The API can allow you to create a post, get information about users, and lots more. For that reason, it has to make sure you are allowed to do that. The process for figuring out who can do these things is called authentication, and it can be a pain.
The documentation on authentication is sparse, with options for cookie, oauth, or basic authentication. In this post I will show you how to create your own custom authentication.
Scott notes that authentication with oAuth is probably a more secure method, but provides this as at least an introduction for custom authentication that could suffice for some users of the API.
I agree with Scott that it'd be really nice for more thorough documentation for authentication — and I'd add that pretty much every other part of the API could do with better documentation as well. I don't fault the team behind it, but we'll have to get on it as a community before this thing hits core.