How would you implement authentication, authorization, and rate limiting for REST/GraphQL endpoints used by Automation Anywhere RPA bots?