There is a host of knowledge about accessing Cognos via the SDK available in the Cognos SDK documentation. The SDK JARs can be found in the Cognos installation itself (<Cognos root>/sdk), but you will probably want a little orientation from the docs to get started.
The above references the traditional Cognos SOAP SDK (accessible via Java). Cognos does offer a REST API, but it does not access all the various objects' metadata yet (as of 11.2).
For authentication, specifically, this will depend a little on whether you have a traditional namespace like LDAP or Active Directory (or even a Custom Authentication Provider). In this case, you'll wind up logging in to Cognos using the username and password, at which time Cognos will issue a CAM passport token. This token can be used for the remainder of the session. If you have an OpenID Connect namespace (e.g. Okta, ADFS, IBMid, etc.) things get a little more complicated.
IBM Cognos Analytics introduced support for two factor authentication protocol through OpenID Connect (OIDC) namespace. More information on Cognos OIDC configuration can be found here: Configuring an OpenID Connect namespace. Many Customers have existing automation applications or integrations through Cognos SDK or REST APIs. When moving to two factor authentication they struggle to implement logon to their OIDC namespace through the SDK. Depending on the OIDC provider, there are two main cases:
OIDC provider supports password grant, like OKTA:
...
OIDC provider does not support password grant, like IBMId.
Source
