There are a few things you need to know about using our REST api from a host other than Mango.
You will need to setup the CORS filter to allow cross site requests into Mango. You will need to allow all the various headers that you want to use. Checkout the classes/mangoApiHeaders.properties and the web/dox folder to see how the override-web.xml file should work. Be careful as the early releases of 2.6.0 beta have this filed named web-override.xml (which is wrong).
You will need to use the REST api to login to Mango via your remote server and then retain the session cookie to pass back to mango on any future requests.
Be sure to include the password header in the CORS configuration as you will most likely need to use this to login.
In the future we are planning to use OAUTH but this has not been a high priority for us yet.
Well done to you and your team. This all really just looks fantastic and we are all very excited here.
Between this, functionality like the persistent TCP syncing, and of course the MangoES, Mango is really growing to be a product that we are using and depending on more and more, and it's great to see it moving in these directions.