WikiSpeech Java JSP application uses Cookie authentication but this not suitable for REST API, because REST recommends stateless operations and the application would not be safe against CSFR attacks.

Maybe this would be a solution:

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
Protecting REST Services: Use of Custom Request Headers

