That page about authentication, while part of the REST v1 documentation, does touch on Authentication for REST v2 (v2 authentication over HTTP requires you to use OAuth 2.0 and it links out to OAuth 2.0 documentation in another article).
We are working towards making OAuth 2.0 the standard and I encourage people to try it out if they can. However, we currently only support the "Authorization Grant" flow and that does not always mesh with specific API use-cases (it requires a web browser to sign into the community to get authorized).
The /authentication/sessions/login call, and the REST v1 Session key it returns will only work for REST v1 (REST v2 requires OAuth. You can make authenticated REST v1 and REST v2 calls using OAuth).
If you want to use only REST v1, you can use the /authentication/sessions/login call. If you do that, since you are not using Lithium SSO, you will not be able to use the sso.authentication_token parameter, as that requires a Lithium SSO token as the value. You may want to create a non-SSO API account to make your REST v1 calls with. If you do that, then you will pass that account's login and password to the /authentication/sessions/login call as the values of the user.login and user.password parameters.
You can also use REST v1 Session Key you get back from the result of the /authentication/sessions/login call to authenticate when you can an endpoint. You can combine REST v1 and REST v2 calls in your endpoint (or use one or the other).
You can make REST v1 or REST v2 calls without an OAuth 2.0 Access token, or a REST v1 call without a REST v1 session key and you will be making the call as an anonymous user. Provided you have granted the appropriate default permissions through the Lithium Admin, the calls you make as an anonymous user will return results (but will exclude any results that default permissions do not allow anonymous users to see).
I hope that answers your questions, and understand if any of it is confusing - please ask additional questions for clarification if you have them.
... View more
You have several options for making a REST API call to get data from your community. First, for some data, depending on how you set up the permissions in your community, you may be able to make a REST call without authenticating. Next, depending on whether you are using version 1 or version 2 of the Lithium REST API for your community, you have different options for authenticating. The REST v1 documentation for authentication explains the different options you have pretty well. If you have any questions about authenticationg to the API after reading that documentation, please post them here.
Both REST v1 and v2 calls can be returned as JSON. REST v2 returns JSON by default. To have REST v1 calls return JSON, you need to add the restapi.response_format=json query parameter.
As VarunGrazitti mentioned, you could use an endpoint to get the data you want -- that's a good way to combine REST calls to return just the data you need if a REST v1 or REST v2 call does not provide you with all of the data you need and you would otherwise need to make multiple REST calls. You can use a REST v1 API Session Key to authenticate to endpoints. If you have an api-specific user this could prove a useful way to programatically authenticate to endpoints in your community.
... View more
You could probably implement the board-level latest message on the ForumPage using the board/messages/latest REST API call (in a custom component, either server-side, using our freemarker rest object, or via an ajax call).
... View more