Christian’s comment may be sufficient for your needs. It shows how to use the Nancy add-ins for Basic or FormsAuth and RESTSharp does support Basic auth right out of the box.

I’ve been building a Nancy driven REST API at work for quite some time now, we’ve used both RESTSharp as well as plain HTML+JS as clients and we chose to implement our own session based authentication (partly because those add-ins didn’t exist when we implemented). However what is nice about it, is how simple it is to use regardless of what the client supports. I’ll quickly explain how it works.

The client sends their username and password (or if you like, identifier and secret key) to create a new session resource using POST /sessions (use HTTPS). This resource contains a session key which can be used for subsequent calls. The session expires after X minutes of inactivity.

Each call made to the service requires a valid session key (except creating a session). The key is provided either as a cookie or in the query string. When using RESTSharp we usually set this as a cookie and just keep reusing it unless it’s expired.

Finally, the session can be destroyed by calling DELETE /session/{key}.

This is a simple, but effective (assuming HTTPS) way to secure a REST API.

Alternatively you could implement OAuth, which RESTSharp also apparently supports out of the box.