You own a public-facing REST API used by mobile and web clients to read and update customer policy data. The API sits behind an ingress layer and talks to internal services and a primary database. Over the last week, you have seen spikes in unauthorized requests, inconsistent retry behavior from clients, and concern that some endpoints expose more data than they should. You need to explain how the API works and how you would secure and operate it safely.
How would you describe the way RESTful APIs work in practice, and why they matter in modern software development? As part of your answer, explain how you would design and secure such an API so that authentication, authorization, retries, and monitoring are handled correctly.
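A minimal sketch of the controls the question asks for, as an added example that is not part of the original prompt: HMAC-signed bearer tokens for authentication, scope checks for authorization, an Idempotency-Key so client retries do not double-apply writes, an allow-list of response fields so endpoints do not over-expose data, and structured audit events for monitoring. The signing key, policy row, scope names and header names are constructed assumptions, and the token format is a demo stand-in for a real JWT or opaque-token scheme.

```python
import hashlib, hmac, json, time
# Constructed demo values (assumptions, not from the prompt): signing key, policy row, field allow-list.
SECRET = b"demo-signing-key"          # production: load from a secrets manager, rotate it
POLICIES = {"p-100": {"id": "p-100", "holder": "A. Example", "premium": 120.0, "ssn": "123-45-6789", "internal_risk_score": 0.42}}
PUBLIC_FIELDS = ("id", "holder", "premium")   # never serialize the whole row
_idempotency = {}   # (subject, Idempotency-Key) -> cached response, so retries are safe
audit_log = []      # structured events a SIEM or metrics pipeline would consume

def mint_token(subject, scopes, ttl=300):
    """HMAC-signed bearer token carrying subject, scopes and expiry (demo format)."""
    payload = json.dumps({"sub": subject, "scopes": sorted(scopes),
                          "exp": int(time.time()) + ttl}).encode()
    return payload.hex() + "." + hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def verify_token(token):
    try:
        payload_hex, sig = token.split(".", 1)
        payload = bytes.fromhex(payload_hex)
    except ValueError:
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):   # constant-time comparison
        return None
    claims = json.loads(payload)
    return claims if claims["exp"] > time.time() else None   # reject expired tokens

def handle(method, policy_id, headers, body=None):
    auth = headers.get("Authorization", "")
    claims = verify_token(auth[7:] if auth.startswith("Bearer ") else "")
    if claims is None:
        audit_log.append({"event": "auth_fail", "policy": policy_id})
        return 401, {"error": "unauthorized"}
    needed = "policy:write" if method == "PUT" else "policy:read"
    if needed not in claims["scopes"]:                 # least privilege by scope
        audit_log.append({"event": "authz_fail", "sub": claims["sub"], "need": needed})
        return 403, {"error": "forbidden"}
    policy = POLICIES.get(policy_id)
    if policy is None:
        return 404, {"error": "not found"}
    key = (claims["sub"], headers.get("Idempotency-Key")) if method == "PUT" else None
    if key and key[1] and key in _idempotency:
        return _idempotency[key]        # client retry: replay the stored reply, no second write
    if method == "PUT":
        policy["premium"] = float(body["premium"])
        audit_log.append({"event": "update", "sub": claims["sub"], "policy": policy_id})
    resp = (200, {k: policy[k] for k in PUBLIC_FIELDS})   # allow-listed fields only
    if key and key[1]:
        _idempotency[key] = resp
    return resp
```

Counting `auth_fail` and `authz_fail` events per client or per endpoint from `audit_log` is the kind of signal that would surface the spikes described in the scenario.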