Walk me through how you would secure a public-facing API that Automation Anywhere bots use to fetch enterprise credentials.