It's true, saving passwords in your app is a bad idea. I typically solve this by not using passwords. I use https for my rest.
You can do basic authentication and send credentials on every request or you can set up an auth token that is ephemeral to make successive requests more light weight. This isn't an "admin token". It's a temporary way to quickly say, "hey it's me again". After a reasonable amount of time it expires and you have to send credentials again to get a new auth token.
I recommend you check out this similar stack overflow question:
restful-web-service-how-to-authenticate-requests-from-other-services