Authentication - As Web API (Rest API) is stateless, so there should be some mechanism by which a server can identify the user in every request. So to enable a user's identity to a web-server, we pass some data in headers in each web-request to the server. The server reads that data & understand to identify the user. This process of identifying the user & ensuring that he is a valid one is known as Authentication.

Authorization - Now once we know that user is authenticated but we don't know how much access rights this particular user have over the application. So, the authorization is the process of giving access rights to a user.