PureCode Software interview question

What are some best practices for securing a RESTful API? Discuss techniques such as HTTPS, input validation, and protecting against common security vulnerabilities like SQL injection and CSRF attacks. How would you implement user authentication and authorization in a React application connected to a backend API? Discuss token-based authentication versus session-based authentication.