Explain how you would secure a REST API from authentication bypass and rate-limiting vulnerabilities.