One crucial thing is that you should no longer use the authenticate endpoint. You should use the method of authenticating from the Cloud API guide and then use the access_token generated from those activities to authenticate your calls.
See my post here with a sample project and sample calls you can easily make 
Llessur
AJ_Ask
manasrlenka25
Sanjay_Bhat