There are multiple ways to secure a RESTful API e.g. basic auth, OAuth, JWT etc. but one thing is sure that RESTful APIs should be stateless – so request authentication/authorization should not depend on cookies or sessions. Instead, each API request should come with some sort authentication credentials which must be validated on the server for each and every request.
You can check the list and description of all the features on this page.
Custom API for WP
Our custom API plugin allows you to create custom endpoints/REST routes to fetch/modify/create/delete data with an easy-to-use graphical interface along with custom SQL queries. The plugin allows you to integrate an external API into your WordPress site, allowing you to interface with third-party services to fetch and update data.
You can check the Sample Code and WordPress Developer Hook to integrate the API connection on this page.