First of all, thanks for reaching out.
Let me try to understand what exactly are you facing.
You have a Published REST service that requires authentication and has "Active session" as authentication method? Like in the image below?
Then you are trying to access this service by using a REST Consume action?
You can take a look at the reference documentation how to access the service from you client side code (section 3.2). https://docs.mendix.com/refguide/published-rest-service
If you are using "Username and password" authentication, that requires you to send username and password with every request because by default REST services don't have a concept of session. They are request based and every request needs to be authenticated and authorized by itself.
Hope this helps.