What strategies would you implement to secure APIs against common vulnerabilities (e.g., OWASP Top 10) in a banking environment?