You can configure the Authentication plugins of your choice for the Rest API. The Authentication system allows to define lists (chains) of possible Authentication Plugin, globally or for a set of urls. http://doc.nuxeo.com/display/NXDOC/Authentication+Overview
Default calls to Automation Operation are authenticated using a specific Auth Chain : http://explorer.nuxeo.org/nuxeo/site/distribution/current/viewContribution/org.nuxeo.ecm.automation.server.auth.config--specificChains
<specificAuthenticationChain name="Automation">
<urlPatterns>
<url>(.*)/automation.*</url>
</urlPatterns>
<replacementChain>
<plugin>AUTOMATION_BASIC_AUTH</plugin>
<plugin>ANONYMOUS_AUTH</plugin>
</replacementChain>
</specificAuthenticationChain>Rest API calls have also their own chain : http://explorer.nuxeo.org/nuxeo/site/distribution/current/viewContribution/org.nuxeo.ecm.restapi.server.auth.config--specificChains
<specificAuthenticationChain name="RestAPI">
<urlPatterns>
<url>(.*)/api/v.*</url>
</urlPatterns>
<replacementChain>
<plugin>AUTOMATION_BASIC_AUTH</plugin>
<plugin>TOKEN_AUTH</plugin>
<plugin>ANONYMOUS_AUTH</plugin>
</replacementChain>
</specificAuthenticationChain>You should be able to adapt these chains to whatever Authentication plugin you want to use.
##OAuth2 OAuth and OAuth2 are specific cases since they are not managed by the Authentication Filter : so OAuth and OAuth2 are always on. You just have to include the correct headers when doing the requests ; if the OAuth token is valid, you will be authenticated. Here is some documentation for OAuth2 : http://doc.nuxeo.com/display/NXDOC/Using+OAuth2