What are the basic ways of ensuring that API calls (retrieving data) are secure? I have searched around and all I can find are ways to secure REST API itself. Apart from ensuring the calls are made over https and are credentialed, what else should I be looking out for?