How do you secure REST APIs against common vulnerabilities like unauthorized access or injection attacks?