I have used Pamac for some time.
It has always asked for authentication when I apply updates.
Recently it has begun asking when I click apply, then again at the end of the process.
Is it possible to get it to ask once?
Can I just be done with it and run it with sudo from the terminal?
pamac update on the terminal does the job.
You could. But just because you could doesn’t mean you should.
Pamac isn’t intended to be used in this way. If you want to use the terminal (as I do) and want the password to be requested in the terminal, prepend the command with PAMAC_CLI_AUTH=1, so like this:
PAMAC_CLI_AUTH=1 pamac upgrade
This will cause it to ask for the password in the CLI, not as a popup anymore. I find this better and less intrusive.
Hope this helps!
I made a script that uses pamac to do the updates with Timeshift backups. It also has the option to skip backup creation:
Using pacman is always an option; for example:
sudo pacman -Syu
… will update your system.
However, if any action requires elevated privileges, you will always need to enter a password, no matter which package manager you use.
So, if you’re screaming “I didn’t sign up for this”, I’m afraid you did, simply by choosing Linux. 
That said, there may be a way to keep your password available longer, before having to type it again (in terminal only), but I don’t know how to configure it.
If you find any relevant information about that, it might help to some extent.
Here’s a proposed patch polkit-30-minutes.patch linked from that very page which suggests it might be. 30 minutes seems excessive, though.
Additionally, the broken link OpenSuSE Leap 15 seems to have extended this functionality looks promising:
They [OpenSuse] seem to have re-interpreted the
..._keepactions to mean “remember authentication while the asking process is running”, and added..._keep_sessionand..._keep_alwaysactions to mean “remember for the entirety of this specific login session” and “remember forever”, respectively.
— Added this as separator to better… separate … two different topics, or thought processes —
There are certainly times when a longer timeout would be desirable, and this guide suggests a procedure to achieve just that, using /etc/sudoers to change the timestamp_timeout value. 
Though, I’d probably prefer a switch, something like:
sudo --timeoutval 1200 do-dat-ting-man
… if it existed.
Welp, this is VERY cool then!
But I don’t know anything more 'n that…
That’s for sudo and not polkit, which is what’s be necessary for pamac…
I have customized my sudo one…
That’s true. I gave up on your polkit link and found this instead, which achieves the outcome; something I’d long forgotten about. Plus it might be the closest the OP can get to minimizing the frequency of password use.
From this I got this link:
https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html
and:
https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt
So I’ve come to the following conclusion:
It might be possible. However, it seems it won’t be easy, as it’ll require OP to override an existing rule to add it. And that’s all I know and where I bow out.
I suspect this 
is OPs best bet…
Extending the sudo password timeout looks as it might suffice, especially as it also extends to sudo use in pamac; that is, unless someone gives a specific reason that it won’t. I’ll likely do this myself too, now I’ve rediscovered it. As the only user, there are no obvious security implications.
AFAIK it doesn’t have an effect on pamac. On pacman yes, but pacman != pamac. Because pamac shouldn’t be used with sudo, polkit takes care of authentication when necessary, but pacman uses sudo.
The assumption is that pamac employs the same sudo as pacman, with the same inherited configuration. I’ll look at it again when I’m back on Linux tomorrow.
Which it doesn’t, as I’ve already mentioned 
These links might be related to the OPs annoyance with having to type a password more than once:
I’ve been using:
PAMAC_CLI_AUTH=1 pamac upgrade
for a couple days now.
I have observed a couple behaviors I don’t understand.
I use this on two Manjaro installs. On one machine, I need to authenticate once and it just continues to completion. (Call this PC-A)
On PC-B, I authenticate initially as on PC-A. But, to complete, I need to authenticate again.
Also, on PC-B, after running pamac, the nfs mounts are not found.
mount.nfs: failed to prepare mount: No such device
After reboot, the mnt works fine.
This is off topic so respond at will.
Do you use btrfs?
I resently had a VERY strange bug where the directory where my NFS were supposed to mount was suddenly gone. I used “open as root” in dolphin (to recreate it) and suddenly the dir appeared, but nfs still refused to mount.
A reboot fixed it.
Anything similar with you?
I’m guessing on one PC it takes longer to do what it’s doing after initial authentication, so it times out.
And it seems it can’t be customised, really. See this open ticket from 2018:
Neither PC is btrfs.
The mount issue only happens on one PC and only after running the pamac command.
Ah…could be.