The current use of the User Authentication API is to secure web services. Here is how to use it to secure a link.

WP-AppKit : use the User Authentication API to secure a link

/**
* WP-AppKit User Authentication API example:
* example of how to build a secured file download link.
* 
* For example in your app theme's functions.js :
*/

/**
* Builds a secured download link
* 
* @param {String} Id of the file (WP attachment for example) to download
* @return {String} Secured download link (if a user has previously logged into
*  the app using Auth.logUserIn(...) ).
*/
function build_secured_download_link( download_id ) {

	//Retrieve authentication data that we will be added to our link
	//to secure it. We want to be sure that the id received by the
	//server has not been modified along the way, so we add it to
	//the hmac (= control token) computation :
	var auth_data = Auth.getActionAuthData(
		'download-file', //action name
		['id'], //defines the key order of the following data for hmac computation
		        //(order matters for hmac and JSON objects are not ordered)
		{ id: download_id } //data that we want to be added to hmac computation
	);
	
	//Build download link:
	var download_link = '';
	
	//If a user is authenticated, add authentication data to the download link:
	if ( auth_data ) { 
		download_link = http://your-site/wp-content/scripts/test-download.php?id='+ download_id; //Path example
		download_link += '&user='+ auth_data.user;
		download_link += '&timestamp='+ auth_data.timestamp;
		download_link += '&control='+ auth_data.control;
	}
	
	return download_link;
}

/**
* For example, use this function to build the link when we click a
* #download link :
*/
$( '#download' ).click( function(e) {

	e.preventDefault();
	
	var download_id = '1234';
	var download_link = build_secured_download_link( download_id );
	
	//Here you would navigate to download_link to download the document
  
} );

WP-AppKit : use the User Authentication API to secure a link : server side

<?php
/**
* WP-AppKit User Authentication API example
* Example of a PHP script "test-download.php" that checks that the authentication
* data passed through $_GET is OK, and download the file if ok.
*/

require_once( __DIR__ . '/../../wp-load.php' );

$download_id = isset( $_GET['id'] ) ? $_GET['id'] : '';

$user = isset( $_GET['user'] ) ? $_GET['user'] : '';
$timestamp = isset( $_GET['timestamp'] ) ? $_GET['timestamp'] : '';
$control = isset( $_GET['control'] ) ? $_GET['control'] : '';

//Check authentication data (and download id) and logs the 
//user in if OK :
$result = WpakUserLogin::log_user_from_authenticated_action( 
	WpakApps::get_app_id( 'my-app-slug' ),
	'download-file', //action name
	compact( 'user', 'timestamp', 'control' ), 
	array( $download_id ) 
);

if ( $result['ok'] ) {

	//Here, if you want to test user permissions, you can use
	//current_user_can(...).

	//File example: 
	$file = __DIR__ . '/test-file-'. $download_id .'.txt';

	//Serve the file if exists:
	if ( file_exists( $file ) ) {
		header( 'Content-Description: File Transfer' );
		header( 'Content-Type: application/octet-stream' );
		header( 'Content-Disposition: attachment; filename=' . basename( $file ) );
		header( 'Expires: 0' );
		header( 'Cache-Control: must-revalidate' );
		header( 'Pragma: public' );
		header( 'Content-Length: ' . filesize( $file ) );
		readfile( $file );
		exit;
	}
} else {
	echo $result['auth_error'];
}