How do you secure a RESTful API against common vulnerabilities like SQL injection and cross-site scripting (XSS)?