I want do that with the same way, but I found simplest solution instead of api I use just direct link which should be genereted (thats enought in my case where the security of password don't need be hide)

https://<guacamole_server_FQDN>/#/client/MwBjAG15c3Fs?username=&password= where MwBjAG15c3Fs is a connection identifier encoded in base64url (connection id # + null byte + client identifier type + nullbyte + database type) when the database used is MySQL or Postgres. In this case it is 3�c�mysql

So on the end once you do the login via Api you should skipp the usr/pwd from the link and just use base64 encoded connection for client