- An SSH connection should be used to connect to the Postman application.
- User accesses must be authenticated to make API calls.
- A dedicated instance for development should be used to ensure that device configurations are valid.
- AAA service should be deployed for user authorization.
- ACLs should be used to verify and filter different types of RESTful API calls.

Explanation: RESTful APIs are software interfaces into an application or a controller. For security, access to an API should require authentication: the API is treated like any other device to which a user must authenticate before gaining access. An authenticated developer can make changes through the API, and those changes can affect the application. It is best practice to use a dedicated development instance of the application to test code changes, to avoid accidental impact on a production environment.