You are responsible for a new public API that lets external clients create, update, and query business records. The API will be consumed by third-party integrations and internal services, and it must handle sensitive customer data without exposing unauthorized access paths. A recent review found that the current draft has no clear authentication model, no abuse controls, and unclear behavior for retries and malformed requests.
How would you design this API so that it is secure by default and resilient under real-world client behavior? Walk through the considerations that would guide your choices for authentication, authorization, request validation, and abuse prevention, and explain how you would verify that the design works as intended.