I have seen that PEGA itself mentioned that SSO works only with Web. Some one from PEGA expertise team has to comment on this , when we refer the same authentication service from service package , will it work or not.

Configure this SAML authentication service to enable web Single Sign-On (SSO) for your application.

I am exploring things on this. i will let you know if get to know anything.

SAML SSO authentication will work wtih REST API. I did the same in 8.3 and was working fine. Select the authentication type as Custom and give the SAML auth service rule. It should save without any errors. Change the processing mode from Stateless to Statefull. It will work. But the same is not working after upgrading to 8.5.1 version. In latest version, Pega expecting a authentication activity for Cutom type authenticaiton. Seems like something changed from Pega end in new version.

SAML 2.0 is vastly used for web SSO primarily aimed at user authentication. REST API on other hand is a async way of accessing application functionality via various channels like web, mobile apps, IoT etc that involves both user and API consumer verification. So OAuth 2.0 is the industry recommended standard to use. To hook up any existing SAML SSO implementation, look into OAuth 2.0 with SAMLBearer grant type. This allows exchange of a SAML 2.0 token for an oauth access token that can be used to access the REST API.