How do you secure a REST API, and what are the most critical vulnerabilities associated with it according to the OWASP Top 10?