Uploading media with the REST API

I am having trouble when uploading media to a WordPress site with the JSON REST API.

With the following code I can upload the photos, but no info is assigned to them, not even the name – in fact the name automatically becomes the URL and filename (without the extension).

$username = "ZX";
$password = "ZX";
$host="http://ZX.com/wp-json/wp/v2/media";
$data = json_encode($data);
$file="/Users/xx.png";
$imagedata  = file_get_contents($file);
$process = curl_init($host); 
curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($process, CURLOPT_BINARYTRANSFER, TRUE);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($process, CURLOPT_TIMEOUT, 50);
curl_setopt($process, CURLOPT_USERPWD, $username . ":" . $password);
curl_setopt($process, CURLOPT_POSTFIELDS, $data);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type:image/png','Content-Disposition:attachment;filename=".$file));
$return = curl_exec($process);
print_r($return);

How would I assign data, like the following, to the uploads?

$data = array(
  "status" => "draft",
  "title" => "Photo media",       
  "description" => "Photo media1",
  "media_type" => "image",
  "alt_text" => "alternate text"
  );

This is not possible via the API; you need to fetch the image yourself, and send the data to the API yourself.
Blockquote

^{– This quotes Ryan on the GitHub–issue mentioned in @Dan (deleted) answer.}

How to side load images

Note that the media_sideload_image() return value can be an instance of \WP_Error as well. You then just need to attach it to a post, which is quite simple:

$media = media_sideload_image( 
    "http://i.imgur.com/bcJvAj0.jpg', 
    $post->ID, 
    'Some image description', 
    'src'
);

if ( ! empty( $media ) and ! is_wp_error( $media ) ) {
    // reference new image to set as featured
    $attachments = get_posts( [
        'post_type'      => 'attachment',
        'posts_per_page' => 1,
        'post_status'    => 'any',
        'post_parent'    => $post->ID,
    ] );

    if ( is_array( $attachments ) ) {
        set_post_thumbnail( $post->ID, $attachments[0]->ID );
    }

    // Test print our image. The return value is the src of the sideloaded image.
    printf( '<img src="https://wordpress.stackexchange.com/questions/229430/%s" />', $media );
}

The internals

A short back trace through core that explains why you should stick with the API:

Take a look at the source of media_sideload_image() to see it uses download_url() internally, which uses wp_safe_remote_get(), a wrapper for \WP_HTTP::get(). This means it offers the whole WP API while being quite safe, debuggable and easy to use. The return value of download_url() is the result of wp_tempnam(), which takes all possible /tmp locations into account (there are plenty) and makes sure your location is writeable. The media_handle_sideload() will generate all needed attachment data and meta data.