Quick Update: I found a way using header authentication and the QRS to check if a user exists in Qlik Sense. Still not checking if the user has an access pass, but it is one step closer. I am using Postman to check the results of these requests.
URL: https://[server name]/[auth prefix]/qrs/user/count?filter=Name%20eq%20%27[username]%27&Xrfkey=12ab34cd56ef78gh
1) X-Qlik-Xrfkey : 12ab34cd56ef78gh
2) [auth header name] : [domain]\[admin username]
The username in the URL does not need the domain. The username in the header should be a user that is allowed to access the QRS. The username in the URL parameter should be the user you want to check if exists. Assuming the admin user specified in the header has access to the QRS and the user you are check in the URL parameter exists, you will be returned, simply:
Thereby verifying that the user exists.