As Web API (Rest API) is stateless, so there should be some mechanism by which a server can identify the user in every request. So to enable a user's identity to a web server, we pass some data in headers in each web request to the server. The server reads that data & understands to identify the user. This process of identifying the user & ensuring that he is a valid one is known as Authentication.
Now once we know that the user is authenticated but we don't know how many access rights this particular user has over the application. So, authorization is the process of giving access rights to a user.