After a lot of reading it appears that JWT Authentication is the best way to go. grazianodev has a good explanation of implementation at:
How to: Make JWT-authenticated requests to the WordPress API
Thank you. My biggest concern is this answer requires the “JTW Authentication for WP REST API” plugin. I was looking for an answer that did not rely on yet another plugin. I do not understand why with an interface like REST authentication and security appear to be an afterthought and not built in at the beginning.