The API is enabled by default in plaintext (HTTP). In CLI that would be "web-management" (note, no "ssl" behind it)
If you want to encrypt the communication (HTTPS), you'd need a web server certificate on the switch. CLI: "web-management ssl"
For that, you can either use a self-signed certificate or a CA-signed certificate.
If you want to use your local CA, you need to install your certificate chain as Trust Anchor (make your PKI trusted), and then generate a CSR, so that your CA can sign it.
You can do that all via CLI or via API.
On the CLI these commands are "crypto key" and "crypto pki", for API look at my previous post.
EDIT:
I wrote a small tutorial:
https://kohnkenet.de/index.php/2020/04/16/introduction-to-arubaos-s-rest-api/