There are several ways to secure a REST API:
Use HTTPS: TLS encrypts all data in transit between client and server and lets the client verify the server's identity. Every other measure on this list sends a secret (a token, key or password) with the request, so without TLS that secret is readable by anyone on the network path. Refuse plaintext requests outright rather than redirecting them, since the credential has already been exposed by the time a redirect is sent.
Use OAuth 2.0: OAuth is an authorization framework that lets a user grant a third-party application scoped access to their resources without sharing their password. The API receives an access token and must validate it, and check its scope, on every request. OAuth by itself does not authenticate the end user; OpenID Connect is the layer on top of it that does.
Use JSON Web Tokens (JWT): A JWT carries a set of claims as JSON and is digitally signed, so the server can verify that the claims were issued by a trusted party and have not been altered. Two caveats: a signed JWT is not encrypted, so anyone who holds it can read the claims; and the guarantee only holds if the server pins the algorithm it expects (rejecting alg "none" and algorithm substitution), verifies the signature with the right key, and checks the exp and aud claims before trusting anything else in the token.
Use API keys: An API key is a unique secret string that identifies the calling application. Send it in an HTTP header (the Authorization header or a dedicated key header) rather than in the URL, since query strings end up in proxy logs and browser history. Treat keys as bearer secrets: store them hashed on the server, compare them in constant time, and rotate them. A key identifies an application, not a user, so it is a poor fit where per-user authorization matters.
Use basic authentication: The client sends the username and password in the Authorization header, base64-encoded, which is encoding, not encryption. It is only acceptable over HTTPS, and because the password is replayed on every request it is best reserved for server-to-server calls; the server must store passwords with a slow, salted hash, never in clear text.
Use multi-factor authentication: MFA requires two or more independent factors (something the user knows, has, or is). For an API, the extra factor is normally checked at login, when the session or token is issued, rather than on every request.
Choose the measure based on the sensitivity of the data being transferred and the level of trust between the client and the server, and combine them: transport security is a prerequisite for every scheme above, not an alternative to them.
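The following is an added example, not code from the original page. It shows, in stdlib-only Python, the server-side checks the list above calls for: an HS256 JWT verifier that pins the algorithm and checks the signature, exp and aud; Basic auth with a salted PBKDF2 hash and constant-time comparison; API keys stored hashed; and a dispatcher that refuses credentials that did not arrive over HTTPS. The secrets, the user and key tables, and the header names X-API-Key and X-Forwarded-Proto (the latter assumes a TLS-terminating proxy in front of the app) are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secrets: a real service loads these from a secret store.
JWT_SECRET = b"constructed-hs256-secret"
API_KEY_HASHES = {hashlib.sha256(b"k_constructed_demo_key").hexdigest(): "svc-reporting"}


def pbkdf2(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked user table does not leak passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"alice": (b"constructed-salt", pbkdf2("correct horse battery", b"constructed-salt"))}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(claims: dict, secret: bytes, ttl: int = 300, now: Optional[int] = None) -> str:
    """Mint a short-lived HS256 token; exp is what bounds the damage of a stolen token."""
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(dict(claims, iat=now, exp=now + ttl)).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_jwt(token: str, secret: bytes, audience: str, now: Optional[int] = None) -> dict:
    """Return the claims only if alg, signature, exp and aud all check out; else ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(b64url_decode(h64))
    # Pin the algorithm server-side: a token claiming alg=none (or swapping RS256 for
    # HS256) is rejected before its signature is even looked at.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired or missing exp")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    return claims


def basic_header(user: str, password: str) -> str:
    """Client side of Basic auth: base64 is encoding, not encryption, hence HTTPS only."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode("ascii")


def authenticate_basic(credentials: str) -> Optional[str]:
    try:
        user, sep, password = base64.b64decode(credentials, validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    record = USERS.get(user)
    if not sep or record is None:
        pbkdf2(password, b"dummy-salt")  # same cost for unknown users: no enumeration by timing
        return None
    salt, stored = record
    return user if hmac.compare_digest(stored, pbkdf2(password, salt)) else None


def authenticate_api_key(presented: str) -> Optional[str]:
    # Keys are stored hashed and compared in constant time, like passwords.
    digest = hashlib.sha256(presented.encode()).hexdigest()
    for stored, client in API_KEY_HASHES.items():
        if hmac.compare_digest(stored, digest):
            return client
    return None


def authenticate(headers: dict, audience: str = "orders-api", now: Optional[int] = None) -> Optional[str]:
    """Resolve a request to a principal, or None. Assumes a TLS-terminating proxy sets
    X-Forwarded-Proto (hypothetical deployment detail); credentials over plain HTTP are refused."""
    if headers.get("X-Forwarded-Proto", "").lower() != "https":
        return None
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() == "bearer":
        try:
            return verify_jwt(value, JWT_SECRET, audience, now)["sub"]
        except (ValueError, KeyError, TypeError):
            return None
    if scheme.lower() == "basic":
        return authenticate_basic(value)
    if "X-API-Key" in headers:
        return authenticate_api_key(headers["X-API-Key"])
    return None
```

The design point is that every branch fails closed: an unknown scheme, a malformed token, a missing exp, a plaintext request or a wrong audience all resolve to no principal rather than to a partially trusted one. A production service would normally use a maintained JWT library and a framework's password hasher in place of the hand-rolled HS256 and PBKDF2 here, but the checks it must perform are the same ones spelled out in verify_jwt and authenticate_basic.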
Validate API Parameters. ...
Rate Limiting. ...
Implement Content Types. ...
Restrict Access to Resources. ...
Use Pagination