Hey Andy,

Can you recommend any resources for learning how to do this?

This looks like a good article to get started with learning about RESTful APIs:

https://www.sitepoint.com/developers-rest-api/

For authentication do I really need to go the whole OAuth 2 route or
can API keys be enough?

OAuth 2 would probably be best if you're going to be allowing backwards and forwards communication (for example, letting folk modify account information) but if you're just using it to query transfer information, API keys are probably fine (but you'd want to allow customers to rotate them themselves in case of compromise).

Let's assume you have authenticated by whatever method. It's
probably best if that be valid for the whole customer record, so
something like this:

GET https://api.bitfolk.com/v1/guest

…gives you a list of guests. But is that a list of IDs, or a list of
guest names?

If you're following REST, you'd want that to return a list of guests with their individual ID and other details for that record, e.g.

{ id: 1, name: "James" }

Let's say it's a list of ID numbers.

GET https://api.bitfolk.com/v1/guest/1234/xfer

gives you back JSON for the current and predicted amounts in and out
for the current accounting period as well as the period start and
end times for guest id 1234?

Yeah, that's probably the best way to do it.

This is a big project for someone who has never done it before,
unfortunately.

It entirely depends on what powers the customer panel or whether you're building the API app specifically as a separate interface. Ruby on Rails (the language I use) has a bare bones API mode and their documentation is pretty good for getting you started.

I'm no expert on APIs, but happy to provide advice if you'd like it :-)

Cheers,
James
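
The API-key option discussed above, as an added example that is not part of the original message or of BitFolk's code: keys are valid for the whole customer record, only a digest of each key is stored, the customer can rotate the key themselves, and a guest's transfer data is only served to the customer who owns that guest. The names ApiKeyStore, xfer_status and GUESTS, the "id.secret" key format, the customer names and the choice of status codes are all assumptions made for illustration.

```ruby
require "securerandom"
require "digest"

# Constructed sample data: which guest IDs belong to which customer.
GUESTS = { "customer-a" => [1234, 1235], "customer-b" => [2001] }.freeze

class ApiKeyStore # hypothetical name, not an existing library
  def initialize
    @keys = {} # key id => { customer:, digest: }; the secret itself is never stored
  end

  # Issue a key for a customer. The full key is only visible at this moment.
  def issue(customer)
    id = SecureRandom.hex(8)
    secret = SecureRandom.urlsafe_base64(32)
    @keys[id] = { customer: customer, digest: Digest::SHA256.hexdigest(secret) }
    "#{id}.#{secret}"
  end

  # Self-service rotation: revoke every existing key for the customer, issue a new one.
  def rotate(customer)
    @keys.delete_if { |_, rec| rec[:customer] == customer }
    issue(customer)
  end

  # Return the customer a presented key belongs to, or nil.
  def authenticate(presented)
    id, secret = presented.to_s.split(".", 2)
    rec = @keys[id]
    return nil unless rec && secret
    secure_eq?(rec[:digest], Digest::SHA256.hexdigest(secret)) ? rec[:customer] : nil
  end

  private

  # Constant-time comparison of two equal-length hex digests.
  def secure_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Status code for GET /v1/guest/:id/xfer given the key sent with the request.
# A guest owned by another customer gets 404, so guest IDs cannot be enumerated.
def xfer_status(store, presented_key, guest_id)
  customer = store.authenticate(presented_key)
  return 401 unless customer
  GUESTS.fetch(customer, []).include?(guest_id) ? 200 : 404
end
```

After a rotation the old key stops working immediately, which is the property that matters when a key has been compromised.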