I'm building an application which will be hosted on a server. I want to build an API for the application to facilitate interaction with from any platform (Web App, Mobile App). What I'm not understanding is that when using the REST API, how do we authenticate the user.
For example, when a user has logged in and then wants to create a forum topic. How will I know that the user is already logged in?
You can use HTTP Basic or Digest Authentication. You can securely authenticate users using SSL on the top of it, however, it slows down the API a little bit.
OAuth is the best it can get. The advantages oAuth gives is a revokable or expirable token. Refer following on how to implement: Working Link from comments: https://www.ida.liu.se/~TDP024/labs/hmacarticle.pdf