Since your REST calls are all HTTPS your calls are indeed encrypted. But if you want for some reason on top of that additional encrypttion you would need to do that yourself. You could use your JSON payload and encrypt those and just send those encrypted strings to the other end. But they would then need to decrypt those strings back to JSON before they could be processed.
Regards,
Ronald
‘Data at rest’ is in no way related to REST API's. In fact, it’s the opposite: when using REST API’s, your data is ‘in transit’ instead of ‘at rest’. You can read about the concept of data at rest at https://en.wikipedia.org/wiki/Data_at_rest .
The text also mentions that data ‘in transit’ is encrypted, and that is because Mendix only allows secure incoming connections (i.e https connections).