The goal of this gist is to describe how to query an object within a SFDC Managed Package, with a user who is not licensed for access to the managed project. There are two components, an apex class containing a custom REST endpoint, and a VisualForce Page where we hit the SF AJAX Proxy enroute to the SF REST API.

ApexRESTExample.cls

@RestResource(urlMapping='/RestTest/*')
global with sharing class ApexRESTExample {
@HttpGet
  global static List<NAMESPACE__ManagedPackageObject__c> getTasks() {
     
    List<NAMESPACE__ManagedPackageObject__c> test = [SELECT Id, Name from NAMESPACE__ManagedPackageObject__c];
    return test;
    
  }
}

resttestpage.page

<apex:page sidebar="false" showHeader="false" >
 
<html>
  <head>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
    <script type="text/javascript">
      var sessionId = '{!$Api.Session_ID}';
  
      $(function(){
        $.ajax({
          cache: false,
          url: '/services/proxy',
          beforeSend: function(xhr) {
            xhr.setRequestHeader('SalesforceProxy-Endpoint', 'https://na3.salesforce.com/services/apexrest/RestTest');
            xhr.setRequestHeader('Authorization', 'OAuth ' + sessionId);
          },
          success: function(data,status,xhr){
              console.log(data);
            $('body').html(JSON.stringify(data));
          },
          error: function(xhr,status,errorThrown){
            $('body').html(errorThrown+': '+JSON.stringify(xhr));
          }
        });
      });
    </script>
  </head>
  <body>Loading...</body>
</html>