You should look at the documentation for Google's implementation.
For authentication, use OAuth. If you need to supply your own OAuth authentication, look at DotNetOpenAuth.
For your REST API, try to mimic Google's implementation, which looks something like this:
Principal: https://www.googleapis.com/carddav/v1/principals/{userEmail}
Home Set: https://www.googleapis.com/carddav/v1/principals/{userEmail}/lists
Address Book: https://www.googleapis.com/carddav/v1/principals/{userEmail}/lists/default
Contact: https://www.googleapis.com/carddav/v1/principals/{userEmail}/lists/default/contactId
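One way a server that copies this layout could resolve a request path and refuse any request whose {userEmail} segment is not the OAuth-authenticated user. This is an added example, not part of the original answer and not Google's or DotNetOpenAuth's code. The names CardDavRouter, CardDavRoute, CardDavResource and Resolve are hypothetical, and the authenticated e-mail is assumed to come from an already validated token.

```csharp
using System;
using System.Text.RegularExpressions;

public enum CardDavResource { Principal, HomeSet, AddressBook, Contact }
public sealed class CardDavRoute { public CardDavResource Kind; public string UserEmail, ContactId; }

public static class CardDavRouter
{
    // The layout above: /carddav/v1/principals/{userEmail}[/lists[/default[/{contactId}]]]
    private static readonly Regex Layout = new Regex(
        @"\A/carddav/v1/principals/(?<user>[^/]+)" +
        @"(?<lists>/lists(?<book>/default(?:/(?<contact>[^/]+))?)?)?/?\z", RegexOptions.CultureInvariant);

    // Returns the route, or null when the path is outside the layout or the
    // authenticated user is not the principal named in the path.
    public static CardDavRoute Resolve(string rawPath, string authenticatedEmail)
    {
        Match m = Layout.Match(rawPath ?? "");
        if (!m.Success || string.IsNullOrEmpty(authenticatedEmail)) return null;
        string user = Uri.UnescapeDataString(m.Groups["user"].Value);
        string contact = m.Groups["contact"].Success
            ? Uri.UnescapeDataString(m.Groups["contact"].Value) : null;

        // A decoded segment must stay one segment: %2F and dot segments are rejected.
        if (!IsSingleSegment(user) || (contact != null && !IsSingleSegment(contact))) return null;
        // Assumption: e-mail identities compare case-insensitively.
        if (!string.Equals(user, authenticatedEmail, StringComparison.OrdinalIgnoreCase)) return null;

        CardDavResource kind =
            contact != null ? CardDavResource.Contact :
            m.Groups["book"].Success ? CardDavResource.AddressBook :
            m.Groups["lists"].Success ? CardDavResource.HomeSet : CardDavResource.Principal;
        return new CardDavRoute { Kind = kind, UserEmail = user, ContactId = contact };
    }

    private static bool IsSingleSegment(string s) =>
        s.Length > 0 && s != "." && s != ".." && s.IndexOfAny(new[] { '/', '\\', '\0' }) < 0;

    public static void Main()
    {
        // Constructed sample requests; "alice@example.com" stands for the token's subject.
        foreach (string p in new[] {
            "/carddav/v1/principals/alice%40example.com/lists/default/c42",
            "/carddav/v1/principals/bob%40example.com/lists/default/c42",
            "/carddav/v1/principals/alice%40example.com/lists/default/..%2Fbob" })
            Console.WriteLine(p + " -> " + (Resolve(p, "alice@example.com")?.Kind.ToString() ?? "rejected"));
    }
}
```

The first sample path resolves to Contact; the other two are rejected, one for naming another principal and one for a contact segment that decodes to more than one path segment.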