What strategies do you use to secure API endpoints against unauthorized access and common web vulnerabilities?