I’d forgotten about that -RunAsCredential parameter for remoting endpoints. That’s certainly easier to implement than a REST API on a web server, but be careful to properly hide all the commands you don’t want users to run, and don’t forget to set the language mode to ‘NoLanguage’. If you get that part wrong, people might be able to execute any code they like as your elevated account.
As luck would have it, Boe Prox is doing a series of Hey, Scripting Guy! blog posts this week on Remoting, and today’s article covers this exact topic: http://blogs.technet.com/b/heyscriptingguy/archive/2014/04/01/build-constrained-powershell-endpoint-using-startup-script.aspx . (The only thing it doesn’t have, with regards to this thread, is the -RunAsCredential parameter when calling Register-PSSessionConfiguration , but you can easily add that.)