To authorize in the REST API, use /public/jwt/login method and send the username and MD5 hash of the password.
Here's a sample REST API authorization flow.
(a long token, few thousand of characters)
2. Authorized REST API request
Add the "Authorization" HTTP header.
Authorization: Bearer eyJhbGciOiJIUz...
This will return you the whole list of available devices (the default page size is 100 so you need to specify a larger number to get all devices).
The token lifetime is limited (1 day), so you need to resend the authorization request if you get a 401 error.