I am wondering how to work with system authentication using restful. In my case there will be user / password and permissions / hierarchies for the user, and until then as the most interesting solution found in searches was the work with token, where it is renewed every request to the webservice and sent to the user interface.
Note: The language used is php and the interface will be in html, but the focus is on secure authentication with REST.
For those who already know / have experience on the subject, what is the most appropriate way to work safely in REST for this case?