How do you secure a RESTful API? Discuss common practices like JWT, OAuth2, or role-based access control.