After receiving of access/refresh tokens from the authentication endpoint, the next steps are pretty straight-forward.
For each request to any resource url (using GET/POST/PUT/DELETE) you should add Authorization header like:
Authorization: Bearer [access token value received on previous step].
For example, Authorization: Bearer fgo123123isdfwerwe4556gsx676sgatqwtqwergfg.
You can add it either manually (if you use some utility for REST API testing) or it can be added authomatically based on access token value if you try to utilize REST API using some library (in such case you need to read documentation related to the library to know how to do it).