If you wanna use your own sessions check, you can try the option session in $config['rest_auth'].
According to the docs:
If you're tying this library into an AJAX endpoint where clients authenticate using PHP sessions then you may not like either of the digest nor basic authentication methods.
In that case, you can tell the REST Library what PHP session variable to check for. If the variable exists, then the user is authorized. It will be up to your application to set that variable.
You can define the variable in $config['auth_source']. Then tell the library to use a php session variable by setting $config['rest_auth'] to session.
Anyway, I wouldn't recommend this option to you because, being a Social Network website, in the future you may like to have, for example, a mobile app which will need access to this API. And there you won't have PHP sessions to check for.
From what I have read, OAuth2 is the best option to go for to secure our REST APIs, but I don't know how to implement it yet.
For now, what I'm doing on my CodeIgniter REST API is to generate API Keys for each user. Those keys will have an expiration date. When the expiration date is reached, the API Key is removed from the list and the user should re-authenticate (log in) to get a new API Key.
Hope this helps you a bit. I'm also in this same search and that's the furthest I have gotten.
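The expiring per-user API key scheme described in this answer, as an added example (not the poster's code and not part of the CodeIgniter REST library). The ApiKeyStore class, its in-memory array and the 900-second lifetime are assumptions; keeping only a SHA-256 digest of each key on the server goes beyond what the post describes.

```php
<?php
// Added example: in-memory stand-in for an API key table (assumption; a real
// application would keep these rows in a database table keyed by the digest).
final class ApiKeyStore
{
    /** @var array<string, array{user_id:int, expires_at:int}> keyed by SHA-256 of the key */
    private array $keys = [];

    public function __construct(private int $ttlSeconds = 3600) {}

    // Call after a successful login; the plaintext key is returned only once.
    public function issue(int $userId, ?int $now = null): string
    {
        $now ??= time();
        $key = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
        $this->keys[hash('sha256', $key)] = [
            'user_id'    => $userId,
            'expires_at' => $now + $this->ttlSeconds,
        ];
        return $key;
    }

    // Returns the user id for a live key, or null (the caller answers 401).
    public function validate(string $presented, ?int $now = null): ?int
    {
        $now ??= time();
        $digest = hash('sha256', $presented);
        $row = $this->keys[$digest] ?? null;
        if ($row === null) {
            return null;                           // unknown or already removed
        }
        if ($now >= $row['expires_at']) {
            unset($this->keys[$digest]);           // expired: remove from the list
            return null;
        }
        return $row['user_id'];
    }
}

// Constructed timestamps so the run is deterministic.
$store = new ApiKeyStore(ttlSeconds: 900);
$key = $store->issue(userId: 42, now: 1_000);
var_dump($store->validate($key, 1_500));            // inside the lifetime
var_dump($store->validate($key, 2_000));            // past expiry, key is removed
var_dump($store->validate($key, 1_500));            // stays rejected until a new login
```

Because the server holds only the digest, a leaked key table does not hand out usable keys, and the third call shows that an expired key cannot be revived by replaying it.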