Yes, API Store has an exposed API which can be used to register new users (User Signup) and authenticate users (Login).
curl -X POST -b cookies http://localhost:9763/store/site/blocks/user/sign-up/ajax/user-add.jag -d "action=addUser&username=user2&password=xxx&allFieldsValues="
curl -X POST -c cookies http://localhost:9763/store/site/blocks/user/login/ajax/login.jag -d 'action=login&username=user1&password=xxx'
But password recovery functionality is not available yet. It will be avilable in future releases.
Is there a way to customize the additional fields? What are the differences between these REST APIs and the APIs sent by Corso?
What you meant by additional fields? Did you mean the user claims? Underline the Store APIs I have pointed, the same web service APIs available in carbon are invoked. The store APIs makes it easier because it adds required roles (subscriber role) to the new users, in order to login afterwards.
It is possible to customize fields. But in API Manager we don't ship claim management features. If you check this in WSO2 Identity Server, there you can see in Configure->Claim Management, you have the ability to mange cliam dialects by adding new claims, changing order, etc. The claim dialect used in Sign up is wso2.org/claims. So if you want to do this for API Manager either u need to install claim management feature or go to database level and manually change claims in UM_CLAIM table.
Yes that should work. But the problem is for latest API Manager versions there is no compatible claim management features available. So you may have to wait for next release. As a workaround you can use Identity Server sepereately and point its user store to the same user store which api manger points (configured in user-mgt.xml). Then after starting Identity server you can do the claim mangement there. Since both are sharing the same user store those same claims will appear in api manager store as well.