I did a webinar (gag) with Pantheon covering real world examples, writing custom endpoints, and including test coverage. Turned out surprisingly well, if I do say so myself.
WP REST API
wp profile eval-file, you can mock, execute, and evaluate the request with a one-off file.
By filtering the `rest_authentication_errors` filter, you can return a 401 error if the request isn’t authenticated.