Describe a scenario where you had to secure a public-facing API gateway at Plangrid. What mechanisms did you use?