After the REST call, you can do a Retrieve action on $latestHttpResponse. There you will find the cookie.
I am not sure how to fetch cookies from the first REST-call and add those to the second one.
The most common way for this set-up is that you first call a REST-method and fetch an authentication token. This token is returned in the response body of the first REST-call. You save this token in a non-persistent entity and add it to the Authorization header of the second REST-call. In this way, the authentication on the second REST-call is handled.
Here is a link to how Bearer tokens work, which is one possible method that I just explained: https://swagger.io/docs/specification/authentication/bearer-authentication/
I am not sure if this is exactly the right way in your case, as that depends on the owner of the REST-API and the way authorization is handled there. Hopefully this can help you to get a better understanding though.