I planned to create a full API / REST interface, but I only implemented some functions. The key concept to get around is that it is simply an XML / JSON (etc.) response to a predefined URL.
You can easily configure using .htaccess and mod rewrite to allow domain.com/method/var/id or some similar structure to redirect to domain.com/ script.php? Method = method &? Var = var &? id = id. Once this is done, you can use them in your script, create your answer and return it (print / echo) to script.php.
When the user sends a request, he will receive the result that you specified.
Json is very easy to use and implemented thanks to http://php.net/manual/en/function.json-encode.php
You want to look in mod rewrite for apache.
As for authentication, it should not be different from other logins / authentications, look at the sessions for php. http://php.net/manual/en/features.sessions.php
Hope this helps.
user140291