Best thing to do is open Chrome DevTools whilst using the admin area to do the actions you want to automate, you’ll then be able to inspect the API requests in the Network tab.
There are also docs for user authentication that explain how to get the necessary tokens to make private API requests.
If you decide to use the private API just be aware that it’s private so that we can change it as needed. Hannah already mentioned above that we’ll be looking to overhaul the authentication in the not too distant future, we also want to look at changing how URLs are output so that they are more useful for external clients.